cobaltstrike | 8e28d70e355d460e430e20fdaf5ad1bba5a258281035ef9aaefb2c819dcb42a7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

835090e2ff589847633af9e2e1cea77e
SHA1

ad7d8c1ba8e21736c108b74d8108cc53e8b5d61e
SHA256

8e28d70e355d460e430e20fdaf5ad1bba5a258281035ef9aaefb2c819dcb42a7
SHA512

9be77283ae98720d0561c3a865430a8ac8e50febceca6691d9d3f35bbdc4f29722f78aa83faab8dbeaac11cb53e4056b8179fde94031a0c441f8722d41bf03f8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000165c7-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016650-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b47-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c66-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df3-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-69.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001628b-54.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c88-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000d000000012281-3.dat	xmrig
behavioral1/files/0x00080000000165c7-10.dat	xmrig
behavioral1/memory/2464-14-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2396-11-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016650-9.dat	xmrig
behavioral1/files/0x0007000000016b47-21.dat	xmrig
behavioral1/memory/2524-20-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2860-26-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2100-37-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2396-40-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2984-43-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c80-39.dat	xmrig
behavioral1/memory/2960-34-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c66-33.dat	xmrig
behavioral1/memory/2880-56-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2524-55-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df3-58.dat	xmrig
behavioral1/memory/1048-71-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-81.dat	xmrig
behavioral1/files/0x00050000000186e7-113.dat	xmrig
behavioral1/files/0x00050000000186ed-120.dat	xmrig
behavioral1/files/0x00050000000186f4-130.dat	xmrig
behavioral1/memory/268-443-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2008-595-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/856-709-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2292-303-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0005000000019297-196.dat	xmrig
behavioral1/files/0x0005000000019284-191.dat	xmrig
behavioral1/files/0x0005000000019278-186.dat	xmrig
behavioral1/memory/1048-182-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-180.dat	xmrig
behavioral1/files/0x0005000000019250-175.dat	xmrig
behavioral1/files/0x0005000000019246-170.dat	xmrig
behavioral1/files/0x0006000000018c16-165.dat	xmrig
behavioral1/files/0x0006000000018b4e-160.dat	xmrig
behavioral1/files/0x00050000000187a8-155.dat	xmrig
behavioral1/files/0x000500000001878e-150.dat	xmrig
behavioral1/files/0x0005000000018744-145.dat	xmrig
behavioral1/files/0x0005000000018739-140.dat	xmrig
behavioral1/files/0x0005000000018704-135.dat	xmrig
behavioral1/files/0x00050000000186f1-125.dat	xmrig
behavioral1/files/0x0005000000018686-110.dat	xmrig
behavioral1/memory/2880-94-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-93.dat	xmrig
behavioral1/memory/856-102-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2720-101-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2292-78-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2984-77-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0006000000017049-76.dat	xmrig
behavioral1/files/0x000600000001755b-100.dat	xmrig
behavioral1/memory/268-86-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2988-85-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2720-63-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2860-62-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2960-70-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ecf-69.dat	xmrig
behavioral1/files/0x000900000001628b-54.dat	xmrig
behavioral1/memory/2988-48-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c88-47.dat	xmrig
behavioral1/memory/2396-2931-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2464-2924-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2860-2935-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2960-2938-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	jRpevEE.exe
2464	zkhCSQW.exe
2524	duClMnR.exe
2860	cSXUJID.exe
2960	suqMfzG.exe
2984	pZNebGP.exe
2988	gQKOrWE.exe
2880	YNMvZyS.exe
2720	psPWDsn.exe
1048	WTDMbwm.exe
2292	QkyvhbS.exe
268	BLUPvXR.exe
2008	uiHJaUZ.exe
856	bjmStcJ.exe
2376	aNPEDQA.exe
1292	RkVwxfU.exe
1684	BaARaow.exe
2164	YEWBtgO.exe
820	RBLIwqd.exe
2000	AApzLYZ.exe
852	xEQdqbW.exe
3028	splhpzp.exe
2776	whzqzCO.exe
2564	bocMJwb.exe
2252	MfGfkci.exe
3048	hIjmdPF.exe
544	UnWaBGP.exe
1812	KKcrBHS.exe
2944	QyctxAv.exe
960	otxANyY.exe
1892	Uqnhpyz.exe
788	MkodRWR.exe
1528	XTSyVBA.exe
1152	oWbICAd.exe
968	oEjtQQs.exe
1728	KoWEUsK.exe
1736	bNNpSFk.exe
1604	HkEJilN.exe
1740	BjdLrMe.exe
956	SsCAhGk.exe
2328	iJBVzHj.exe
2124	qEAxMIt.exe
2556	evdIEVY.exe
2348	YDLFwwm.exe
2188	CdCgiBc.exe
2560	MjtUUgd.exe
2012	NJFRKTz.exe
900	fAasEmt.exe
2568	qzdjoBJ.exe
1668	JfRVkkH.exe
1512	xJyaQGA.exe
1652	HxlOHFy.exe
2040	TpnkbCK.exe
2904	aXwhTIz.exe
2864	eBSXXwZ.exe
2900	gszTkbD.exe
2964	nESDqRd.exe
2740	uafBHvF.exe
2004	ccwddEK.exe
1588	kRxjNhi.exe
1476	brgdLsQ.exe
1660	mPlCVRa.exe
1564	HOIEQeE.exe
1624	AChMvWs.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000d000000012281-3.dat	upx
behavioral1/files/0x00080000000165c7-10.dat	upx
behavioral1/memory/2464-14-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2396-11-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0008000000016650-9.dat	upx
behavioral1/files/0x0007000000016b47-21.dat	upx
behavioral1/memory/2524-20-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2860-26-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2100-37-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2396-40-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2984-43-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0007000000016c80-39.dat	upx
behavioral1/memory/2960-34-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0007000000016c66-33.dat	upx
behavioral1/memory/2880-56-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2524-55-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0007000000016df3-58.dat	upx
behavioral1/memory/1048-71-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0006000000017497-81.dat	upx
behavioral1/files/0x00050000000186e7-113.dat	upx
behavioral1/files/0x00050000000186ed-120.dat	upx
behavioral1/files/0x00050000000186f4-130.dat	upx
behavioral1/memory/268-443-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2008-595-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/856-709-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2292-303-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0005000000019297-196.dat	upx
behavioral1/files/0x0005000000019284-191.dat	upx
behavioral1/files/0x0005000000019278-186.dat	upx
behavioral1/memory/1048-182-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0005000000019269-180.dat	upx
behavioral1/files/0x0005000000019250-175.dat	upx
behavioral1/files/0x0005000000019246-170.dat	upx
behavioral1/files/0x0006000000018c16-165.dat	upx
behavioral1/files/0x0006000000018b4e-160.dat	upx
behavioral1/files/0x00050000000187a8-155.dat	upx
behavioral1/files/0x000500000001878e-150.dat	upx
behavioral1/files/0x0005000000018744-145.dat	upx
behavioral1/files/0x0005000000018739-140.dat	upx
behavioral1/files/0x0005000000018704-135.dat	upx
behavioral1/files/0x00050000000186f1-125.dat	upx
behavioral1/files/0x0005000000018686-110.dat	upx
behavioral1/memory/2880-94-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000600000001749c-93.dat	upx
behavioral1/memory/856-102-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2720-101-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2292-78-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2984-77-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0006000000017049-76.dat	upx
behavioral1/files/0x000600000001755b-100.dat	upx
behavioral1/memory/268-86-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2988-85-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2720-63-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2860-62-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2960-70-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0006000000016ecf-69.dat	upx
behavioral1/files/0x000900000001628b-54.dat	upx
behavioral1/memory/2988-48-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0009000000016c88-47.dat	upx
behavioral1/memory/2396-2931-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2464-2924-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2860-2935-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2960-2938-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DIPGsZR.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuJgJrs.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLoZKCG.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMUcwIl.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkUYhaC.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWspODc.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjMzHGh.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqpBVwY.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJyUcpT.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajRJgPI.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOAJKNZ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNXRmFC.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywvOBLh.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmpZAfD.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCQxExa.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXNIVON.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfEqCIg.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWPxlnW.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOjgoar.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qczKleF.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liSJOft.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCiWMtW.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbwjOLN.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTDiCbY.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whjFQSF.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxInptt.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHthhHJ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYFaOSJ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEeAHTP.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbBHAGk.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXhvBWe.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztYVmne.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoQyDtD.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWJURhb.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGYsUlz.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGdmGTo.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPlCVRa.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhRIBwW.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhugcbH.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaoMiWA.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFvMnxG.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwXjBuI.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usxbZzk.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPCnJMh.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqDLzEi.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsugpAH.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkOrIWO.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcTkxxQ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGoamFZ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOTfmIE.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssYNXSv.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDoGuOB.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KumRKgu.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAasEmt.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwqrURe.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edACHEC.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrUxPGJ.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmikiVK.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjlsuIF.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLImhkr.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXxxadK.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNyWYqf.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRqdRml.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNOryKx.exe	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2396	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2396	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2396	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 2464	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2464	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2464	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2524	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2524	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2524	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2860	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2860	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2860	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2960	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2960	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2960	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2984	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2984	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2984	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2988	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2988	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2988	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2880	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2880	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2880	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2720	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2720	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2720	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 1048	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 1048	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 1048	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 268	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 268	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 268	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2008	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2008	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2008	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 856	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 856	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 856	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2376	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2376	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 2376	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 1292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1292	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1684	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1684	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1684	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 2164	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 2164	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 2164	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 820	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 820	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 820	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 2000	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2000	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 2000	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 852	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 852	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 852	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2100 wrote to memory of 3028	2100	2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_835090e2ff589847633af9e2e1cea77e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\jRpevEE.exe
  C:\Windows\System\jRpevEE.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\zkhCSQW.exe
  C:\Windows\System\zkhCSQW.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\duClMnR.exe
  C:\Windows\System\duClMnR.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\cSXUJID.exe
  C:\Windows\System\cSXUJID.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\suqMfzG.exe
  C:\Windows\System\suqMfzG.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\pZNebGP.exe
  C:\Windows\System\pZNebGP.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\gQKOrWE.exe
  C:\Windows\System\gQKOrWE.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\YNMvZyS.exe
  C:\Windows\System\YNMvZyS.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\psPWDsn.exe
  C:\Windows\System\psPWDsn.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\WTDMbwm.exe
  C:\Windows\System\WTDMbwm.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\QkyvhbS.exe
  C:\Windows\System\QkyvhbS.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\BLUPvXR.exe
  C:\Windows\System\BLUPvXR.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\uiHJaUZ.exe
  C:\Windows\System\uiHJaUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\bjmStcJ.exe
  C:\Windows\System\bjmStcJ.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\aNPEDQA.exe
  C:\Windows\System\aNPEDQA.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\RkVwxfU.exe
  C:\Windows\System\RkVwxfU.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\BaARaow.exe
  C:\Windows\System\BaARaow.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\YEWBtgO.exe
  C:\Windows\System\YEWBtgO.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\RBLIwqd.exe
  C:\Windows\System\RBLIwqd.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\AApzLYZ.exe
  C:\Windows\System\AApzLYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\xEQdqbW.exe
  C:\Windows\System\xEQdqbW.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\splhpzp.exe
  C:\Windows\System\splhpzp.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\whzqzCO.exe
  C:\Windows\System\whzqzCO.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\bocMJwb.exe
  C:\Windows\System\bocMJwb.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\MfGfkci.exe
  C:\Windows\System\MfGfkci.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\hIjmdPF.exe
  C:\Windows\System\hIjmdPF.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UnWaBGP.exe
  C:\Windows\System\UnWaBGP.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\KKcrBHS.exe
  C:\Windows\System\KKcrBHS.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\QyctxAv.exe
  C:\Windows\System\QyctxAv.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\otxANyY.exe
  C:\Windows\System\otxANyY.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\Uqnhpyz.exe
  C:\Windows\System\Uqnhpyz.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\MkodRWR.exe
  C:\Windows\System\MkodRWR.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\XTSyVBA.exe
  C:\Windows\System\XTSyVBA.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\oWbICAd.exe
  C:\Windows\System\oWbICAd.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\oEjtQQs.exe
  C:\Windows\System\oEjtQQs.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\KoWEUsK.exe
  C:\Windows\System\KoWEUsK.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\bNNpSFk.exe
  C:\Windows\System\bNNpSFk.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\HkEJilN.exe
  C:\Windows\System\HkEJilN.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BjdLrMe.exe
  C:\Windows\System\BjdLrMe.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\SsCAhGk.exe
  C:\Windows\System\SsCAhGk.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\iJBVzHj.exe
  C:\Windows\System\iJBVzHj.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\qEAxMIt.exe
  C:\Windows\System\qEAxMIt.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\evdIEVY.exe
  C:\Windows\System\evdIEVY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\YDLFwwm.exe
  C:\Windows\System\YDLFwwm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\CdCgiBc.exe
  C:\Windows\System\CdCgiBc.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\MjtUUgd.exe
  C:\Windows\System\MjtUUgd.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NJFRKTz.exe
  C:\Windows\System\NJFRKTz.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\fAasEmt.exe
  C:\Windows\System\fAasEmt.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\qzdjoBJ.exe
  C:\Windows\System\qzdjoBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\JfRVkkH.exe
  C:\Windows\System\JfRVkkH.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\xJyaQGA.exe
  C:\Windows\System\xJyaQGA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\HxlOHFy.exe
  C:\Windows\System\HxlOHFy.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\TpnkbCK.exe
  C:\Windows\System\TpnkbCK.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\aXwhTIz.exe
  C:\Windows\System\aXwhTIz.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\eBSXXwZ.exe
  C:\Windows\System\eBSXXwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\gszTkbD.exe
  C:\Windows\System\gszTkbD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\nESDqRd.exe
  C:\Windows\System\nESDqRd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\uafBHvF.exe
  C:\Windows\System\uafBHvF.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\ccwddEK.exe
  C:\Windows\System\ccwddEK.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\kRxjNhi.exe
  C:\Windows\System\kRxjNhi.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\brgdLsQ.exe
  C:\Windows\System\brgdLsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\mPlCVRa.exe
  C:\Windows\System\mPlCVRa.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\HOIEQeE.exe
  C:\Windows\System\HOIEQeE.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\AChMvWs.exe
  C:\Windows\System\AChMvWs.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\GrgTDIn.exe
  C:\Windows\System\GrgTDIn.exe
  2⤵
  PID:2016
- C:\Windows\System\qvUPcoN.exe
  C:\Windows\System\qvUPcoN.exe
  2⤵
  PID:2940
- C:\Windows\System\MGHIfQo.exe
  C:\Windows\System\MGHIfQo.exe
  2⤵
  PID:2192
- C:\Windows\System\SpKAYmc.exe
  C:\Windows\System\SpKAYmc.exe
  2⤵
  PID:3056
- C:\Windows\System\ZBpEbGT.exe
  C:\Windows\System\ZBpEbGT.exe
  2⤵
  PID:2256
- C:\Windows\System\uJovQkx.exe
  C:\Windows\System\uJovQkx.exe
  2⤵
  PID:1320
- C:\Windows\System\KAsCypy.exe
  C:\Windows\System\KAsCypy.exe
  2⤵
  PID:2800
- C:\Windows\System\jMwsGgk.exe
  C:\Windows\System\jMwsGgk.exe
  2⤵
  PID:1368
- C:\Windows\System\JmopUXu.exe
  C:\Windows\System\JmopUXu.exe
  2⤵
  PID:912
- C:\Windows\System\KpJaMhh.exe
  C:\Windows\System\KpJaMhh.exe
  2⤵
  PID:1232
- C:\Windows\System\bkaxoal.exe
  C:\Windows\System\bkaxoal.exe
  2⤵
  PID:2196
- C:\Windows\System\cohaNmB.exe
  C:\Windows\System\cohaNmB.exe
  2⤵
  PID:692
- C:\Windows\System\WcUIQKt.exe
  C:\Windows\System\WcUIQKt.exe
  2⤵
  PID:336
- C:\Windows\System\QKCntUp.exe
  C:\Windows\System\QKCntUp.exe
  2⤵
  PID:2580
- C:\Windows\System\MbhQQrH.exe
  C:\Windows\System\MbhQQrH.exe
  2⤵
  PID:2608
- C:\Windows\System\mdSZnZI.exe
  C:\Windows\System\mdSZnZI.exe
  2⤵
  PID:1976
- C:\Windows\System\TQUYQwj.exe
  C:\Windows\System\TQUYQwj.exe
  2⤵
  PID:1440
- C:\Windows\System\xXofTZH.exe
  C:\Windows\System\xXofTZH.exe
  2⤵
  PID:2248
- C:\Windows\System\MbyKdBZ.exe
  C:\Windows\System\MbyKdBZ.exe
  2⤵
  PID:2312
- C:\Windows\System\ngrjVYc.exe
  C:\Windows\System\ngrjVYc.exe
  2⤵
  PID:372
- C:\Windows\System\bmqJoOc.exe
  C:\Windows\System\bmqJoOc.exe
  2⤵
  PID:2664
- C:\Windows\System\gVRDgdq.exe
  C:\Windows\System\gVRDgdq.exe
  2⤵
  PID:2420
- C:\Windows\System\CFbVkWs.exe
  C:\Windows\System\CFbVkWs.exe
  2⤵
  PID:2136
- C:\Windows\System\CzsfWKX.exe
  C:\Windows\System\CzsfWKX.exe
  2⤵
  PID:376
- C:\Windows\System\MadHfAN.exe
  C:\Windows\System\MadHfAN.exe
  2⤵
  PID:2388
- C:\Windows\System\zzSvzyk.exe
  C:\Windows\System\zzSvzyk.exe
  2⤵
  PID:1284
- C:\Windows\System\ylTClTm.exe
  C:\Windows\System\ylTClTm.exe
  2⤵
  PID:1620
- C:\Windows\System\lzTYera.exe
  C:\Windows\System\lzTYera.exe
  2⤵
  PID:1884
- C:\Windows\System\hFdkqyh.exe
  C:\Windows\System\hFdkqyh.exe
  2⤵
  PID:2744
- C:\Windows\System\hqfLAXd.exe
  C:\Windows\System\hqfLAXd.exe
  2⤵
  PID:2216
- C:\Windows\System\cEmqDlX.exe
  C:\Windows\System\cEmqDlX.exe
  2⤵
  PID:1004
- C:\Windows\System\IbAbCYT.exe
  C:\Windows\System\IbAbCYT.exe
  2⤵
  PID:1552
- C:\Windows\System\OqlLOzM.exe
  C:\Windows\System\OqlLOzM.exe
  2⤵
  PID:1492
- C:\Windows\System\EbzNVIy.exe
  C:\Windows\System\EbzNVIy.exe
  2⤵
  PID:2344
- C:\Windows\System\QOaJtnd.exe
  C:\Windows\System\QOaJtnd.exe
  2⤵
  PID:2808
- C:\Windows\System\scpYHsY.exe
  C:\Windows\System\scpYHsY.exe
  2⤵
  PID:1228
- C:\Windows\System\jIjAtqx.exe
  C:\Windows\System\jIjAtqx.exe
  2⤵
  PID:2600
- C:\Windows\System\rBjpDdo.exe
  C:\Windows\System\rBjpDdo.exe
  2⤵
  PID:904
- C:\Windows\System\EmpZAfD.exe
  C:\Windows\System\EmpZAfD.exe
  2⤵
  PID:1580
- C:\Windows\System\xtjacXw.exe
  C:\Windows\System\xtjacXw.exe
  2⤵
  PID:2140
- C:\Windows\System\HDxZnvQ.exe
  C:\Windows\System\HDxZnvQ.exe
  2⤵
  PID:2748
- C:\Windows\System\MyyZFbg.exe
  C:\Windows\System\MyyZFbg.exe
  2⤵
  PID:2716
- C:\Windows\System\EjtVKVL.exe
  C:\Windows\System\EjtVKVL.exe
  2⤵
  PID:2692
- C:\Windows\System\dHqWdWi.exe
  C:\Windows\System\dHqWdWi.exe
  2⤵
  PID:772
- C:\Windows\System\XWlLtmD.exe
  C:\Windows\System\XWlLtmD.exe
  2⤵
  PID:3092
- C:\Windows\System\CyPPIkR.exe
  C:\Windows\System\CyPPIkR.exe
  2⤵
  PID:3112
- C:\Windows\System\iBndIMk.exe
  C:\Windows\System\iBndIMk.exe
  2⤵
  PID:3132
- C:\Windows\System\KGugutZ.exe
  C:\Windows\System\KGugutZ.exe
  2⤵
  PID:3152
- C:\Windows\System\jlBFmIh.exe
  C:\Windows\System\jlBFmIh.exe
  2⤵
  PID:3172
- C:\Windows\System\CIYkjwm.exe
  C:\Windows\System\CIYkjwm.exe
  2⤵
  PID:3192
- C:\Windows\System\lKmtnht.exe
  C:\Windows\System\lKmtnht.exe
  2⤵
  PID:3212
- C:\Windows\System\mzPJVwa.exe
  C:\Windows\System\mzPJVwa.exe
  2⤵
  PID:3236
- C:\Windows\System\jMYEVzU.exe
  C:\Windows\System\jMYEVzU.exe
  2⤵
  PID:3256
- C:\Windows\System\pEgLSke.exe
  C:\Windows\System\pEgLSke.exe
  2⤵
  PID:3276
- C:\Windows\System\GlgTDYP.exe
  C:\Windows\System\GlgTDYP.exe
  2⤵
  PID:3296
- C:\Windows\System\pBjeTJl.exe
  C:\Windows\System\pBjeTJl.exe
  2⤵
  PID:3316
- C:\Windows\System\JaPeQib.exe
  C:\Windows\System\JaPeQib.exe
  2⤵
  PID:3336
- C:\Windows\System\ntlcZbf.exe
  C:\Windows\System\ntlcZbf.exe
  2⤵
  PID:3356
- C:\Windows\System\dKogsed.exe
  C:\Windows\System\dKogsed.exe
  2⤵
  PID:3376
- C:\Windows\System\YZBSYhW.exe
  C:\Windows\System\YZBSYhW.exe
  2⤵
  PID:3392
- C:\Windows\System\dMCeGaZ.exe
  C:\Windows\System\dMCeGaZ.exe
  2⤵
  PID:3412
- C:\Windows\System\EPRfiHq.exe
  C:\Windows\System\EPRfiHq.exe
  2⤵
  PID:3436
- C:\Windows\System\HFHoLnQ.exe
  C:\Windows\System\HFHoLnQ.exe
  2⤵
  PID:3456
- C:\Windows\System\gbgRDJW.exe
  C:\Windows\System\gbgRDJW.exe
  2⤵
  PID:3476
- C:\Windows\System\AojstCE.exe
  C:\Windows\System\AojstCE.exe
  2⤵
  PID:3500
- C:\Windows\System\HylZxfY.exe
  C:\Windows\System\HylZxfY.exe
  2⤵
  PID:3520
- C:\Windows\System\VeTtuHA.exe
  C:\Windows\System\VeTtuHA.exe
  2⤵
  PID:3540
- C:\Windows\System\QylUzdH.exe
  C:\Windows\System\QylUzdH.exe
  2⤵
  PID:3556
- C:\Windows\System\bNHaSlU.exe
  C:\Windows\System\bNHaSlU.exe
  2⤵
  PID:3580
- C:\Windows\System\VIjkzOa.exe
  C:\Windows\System\VIjkzOa.exe
  2⤵
  PID:3596
- C:\Windows\System\siezZbu.exe
  C:\Windows\System\siezZbu.exe
  2⤵
  PID:3616
- C:\Windows\System\aTKuSAX.exe
  C:\Windows\System\aTKuSAX.exe
  2⤵
  PID:3636
- C:\Windows\System\IrGPbzy.exe
  C:\Windows\System\IrGPbzy.exe
  2⤵
  PID:3656
- C:\Windows\System\zHWWdVR.exe
  C:\Windows\System\zHWWdVR.exe
  2⤵
  PID:3676
- C:\Windows\System\MNJNSvp.exe
  C:\Windows\System\MNJNSvp.exe
  2⤵
  PID:3696
- C:\Windows\System\yUaFllc.exe
  C:\Windows\System\yUaFllc.exe
  2⤵
  PID:3720
- C:\Windows\System\XDMIBmh.exe
  C:\Windows\System\XDMIBmh.exe
  2⤵
  PID:3740
- C:\Windows\System\YhagvIU.exe
  C:\Windows\System\YhagvIU.exe
  2⤵
  PID:3764
- C:\Windows\System\gXYoyiJ.exe
  C:\Windows\System\gXYoyiJ.exe
  2⤵
  PID:3784
- C:\Windows\System\bieRRSZ.exe
  C:\Windows\System\bieRRSZ.exe
  2⤵
  PID:3804
- C:\Windows\System\ssYNXSv.exe
  C:\Windows\System\ssYNXSv.exe
  2⤵
  PID:3824
- C:\Windows\System\njtHwBc.exe
  C:\Windows\System\njtHwBc.exe
  2⤵
  PID:3844
- C:\Windows\System\cNvmBuJ.exe
  C:\Windows\System\cNvmBuJ.exe
  2⤵
  PID:3864
- C:\Windows\System\VnqGoNs.exe
  C:\Windows\System\VnqGoNs.exe
  2⤵
  PID:3880
- C:\Windows\System\ppeImpK.exe
  C:\Windows\System\ppeImpK.exe
  2⤵
  PID:3900
- C:\Windows\System\iLSsDAC.exe
  C:\Windows\System\iLSsDAC.exe
  2⤵
  PID:3920
- C:\Windows\System\Eorjait.exe
  C:\Windows\System\Eorjait.exe
  2⤵
  PID:3940
- C:\Windows\System\PmCyqEv.exe
  C:\Windows\System\PmCyqEv.exe
  2⤵
  PID:3960
- C:\Windows\System\GwhPcRe.exe
  C:\Windows\System\GwhPcRe.exe
  2⤵
  PID:3984
- C:\Windows\System\yWfNNve.exe
  C:\Windows\System\yWfNNve.exe
  2⤵
  PID:4000
- C:\Windows\System\prpcPSl.exe
  C:\Windows\System\prpcPSl.exe
  2⤵
  PID:4020
- C:\Windows\System\iDdMrfh.exe
  C:\Windows\System\iDdMrfh.exe
  2⤵
  PID:4040
- C:\Windows\System\QcESHTj.exe
  C:\Windows\System\QcESHTj.exe
  2⤵
  PID:4064
- C:\Windows\System\UVGSwgd.exe
  C:\Windows\System\UVGSwgd.exe
  2⤵
  PID:4084
- C:\Windows\System\EcFuHpA.exe
  C:\Windows\System\EcFuHpA.exe
  2⤵
  PID:3004
- C:\Windows\System\eYFvLxc.exe
  C:\Windows\System\eYFvLxc.exe
  2⤵
  PID:2052
- C:\Windows\System\HUtYMnm.exe
  C:\Windows\System\HUtYMnm.exe
  2⤵
  PID:1088
- C:\Windows\System\adVsDaP.exe
  C:\Windows\System\adVsDaP.exe
  2⤵
  PID:1016
- C:\Windows\System\iZaqdCb.exe
  C:\Windows\System\iZaqdCb.exe
  2⤵
  PID:1420
- C:\Windows\System\tHRErVt.exe
  C:\Windows\System\tHRErVt.exe
  2⤵
  PID:2132
- C:\Windows\System\XsoIEei.exe
  C:\Windows\System\XsoIEei.exe
  2⤵
  PID:1940
- C:\Windows\System\qirSSGm.exe
  C:\Windows\System\qirSSGm.exe
  2⤵
  PID:1216
- C:\Windows\System\XXJfyyi.exe
  C:\Windows\System\XXJfyyi.exe
  2⤵
  PID:2928
- C:\Windows\System\peqdmLE.exe
  C:\Windows\System\peqdmLE.exe
  2⤵
  PID:1644
- C:\Windows\System\IfUNgzM.exe
  C:\Windows\System\IfUNgzM.exe
  2⤵
  PID:3100
- C:\Windows\System\IchEhgI.exe
  C:\Windows\System\IchEhgI.exe
  2⤵
  PID:3168
- C:\Windows\System\PkeQfgH.exe
  C:\Windows\System\PkeQfgH.exe
  2⤵
  PID:3208
- C:\Windows\System\YiFWHSH.exe
  C:\Windows\System\YiFWHSH.exe
  2⤵
  PID:3220
- C:\Windows\System\EHxwrJJ.exe
  C:\Windows\System\EHxwrJJ.exe
  2⤵
  PID:3224
- C:\Windows\System\scqpYsD.exe
  C:\Windows\System\scqpYsD.exe
  2⤵
  PID:3264
- C:\Windows\System\CTucDmq.exe
  C:\Windows\System\CTucDmq.exe
  2⤵
  PID:3272
- C:\Windows\System\KrVWfsC.exe
  C:\Windows\System\KrVWfsC.exe
  2⤵
  PID:3368
- C:\Windows\System\YvlrOkq.exe
  C:\Windows\System\YvlrOkq.exe
  2⤵
  PID:3344
- C:\Windows\System\hmmUVrd.exe
  C:\Windows\System\hmmUVrd.exe
  2⤵
  PID:3432
- C:\Windows\System\VWcaZGH.exe
  C:\Windows\System\VWcaZGH.exe
  2⤵
  PID:3492
- C:\Windows\System\rQeQlDY.exe
  C:\Windows\System\rQeQlDY.exe
  2⤵
  PID:3472
- C:\Windows\System\QfDVKre.exe
  C:\Windows\System\QfDVKre.exe
  2⤵
  PID:3568
- C:\Windows\System\Tcpsztr.exe
  C:\Windows\System\Tcpsztr.exe
  2⤵
  PID:3576
- C:\Windows\System\QXCDzAH.exe
  C:\Windows\System\QXCDzAH.exe
  2⤵
  PID:3608
- C:\Windows\System\OyWbpaP.exe
  C:\Windows\System\OyWbpaP.exe
  2⤵
  PID:3684
- C:\Windows\System\JXJTzDD.exe
  C:\Windows\System\JXJTzDD.exe
  2⤵
  PID:3628
- C:\Windows\System\BBmtuOa.exe
  C:\Windows\System\BBmtuOa.exe
  2⤵
  PID:2400
- C:\Windows\System\KoGlKes.exe
  C:\Windows\System\KoGlKes.exe
  2⤵
  PID:3708
- C:\Windows\System\jJDgYqQ.exe
  C:\Windows\System\jJDgYqQ.exe
  2⤵
  PID:3772
- C:\Windows\System\slCcpyJ.exe
  C:\Windows\System\slCcpyJ.exe
  2⤵
  PID:3820
- C:\Windows\System\ppBvJQB.exe
  C:\Windows\System\ppBvJQB.exe
  2⤵
  PID:3800
- C:\Windows\System\OGPAvFy.exe
  C:\Windows\System\OGPAvFy.exe
  2⤵
  PID:3832
- C:\Windows\System\ofpsPDf.exe
  C:\Windows\System\ofpsPDf.exe
  2⤵
  PID:3928
- C:\Windows\System\dbWwADv.exe
  C:\Windows\System\dbWwADv.exe
  2⤵
  PID:3876
- C:\Windows\System\ROYJdpD.exe
  C:\Windows\System\ROYJdpD.exe
  2⤵
  PID:3980
- C:\Windows\System\rfEDLgU.exe
  C:\Windows\System\rfEDLgU.exe
  2⤵
  PID:3952
- C:\Windows\System\ceQDogR.exe
  C:\Windows\System\ceQDogR.exe
  2⤵
  PID:4012
- C:\Windows\System\XRmWPmp.exe
  C:\Windows\System\XRmWPmp.exe
  2⤵
  PID:3996
- C:\Windows\System\YqeoOJA.exe
  C:\Windows\System\YqeoOJA.exe
  2⤵
  PID:4092
- C:\Windows\System\EGUuiLM.exe
  C:\Windows\System\EGUuiLM.exe
  2⤵
  PID:1764
- C:\Windows\System\zXLWufp.exe
  C:\Windows\System\zXLWufp.exe
  2⤵
  PID:2304
- C:\Windows\System\SHPlaQp.exe
  C:\Windows\System\SHPlaQp.exe
  2⤵
  PID:2468
- C:\Windows\System\ySMHokc.exe
  C:\Windows\System\ySMHokc.exe
  2⤵
  PID:1648
- C:\Windows\System\lCZKeHh.exe
  C:\Windows\System\lCZKeHh.exe
  2⤵
  PID:1500
- C:\Windows\System\XijfhBY.exe
  C:\Windows\System\XijfhBY.exe
  2⤵
  PID:3088
- C:\Windows\System\COJJNYS.exe
  C:\Windows\System\COJJNYS.exe
  2⤵
  PID:3128
- C:\Windows\System\uemEedd.exe
  C:\Windows\System\uemEedd.exe
  2⤵
  PID:3108
- C:\Windows\System\EvyvOHM.exe
  C:\Windows\System\EvyvOHM.exe
  2⤵
  PID:3184
- C:\Windows\System\qczKleF.exe
  C:\Windows\System\qczKleF.exe
  2⤵
  PID:3328
- C:\Windows\System\oWQbDHq.exe
  C:\Windows\System\oWQbDHq.exe
  2⤵
  PID:3408
- C:\Windows\System\CLYMbPN.exe
  C:\Windows\System\CLYMbPN.exe
  2⤵
  PID:3308
- C:\Windows\System\ldCABHk.exe
  C:\Windows\System\ldCABHk.exe
  2⤵
  PID:3424
- C:\Windows\System\iFsYIDX.exe
  C:\Windows\System\iFsYIDX.exe
  2⤵
  PID:2712
- C:\Windows\System\FgEwGRw.exe
  C:\Windows\System\FgEwGRw.exe
  2⤵
  PID:3552
- C:\Windows\System\foeNQbY.exe
  C:\Windows\System\foeNQbY.exe
  2⤵
  PID:3592
- C:\Windows\System\AJPQWGA.exe
  C:\Windows\System\AJPQWGA.exe
  2⤵
  PID:3704
- C:\Windows\System\ROaAqHo.exe
  C:\Windows\System\ROaAqHo.exe
  2⤵
  PID:3672
- C:\Windows\System\JAobJDO.exe
  C:\Windows\System\JAobJDO.exe
  2⤵
  PID:3812
- C:\Windows\System\POaZlQx.exe
  C:\Windows\System\POaZlQx.exe
  2⤵
  PID:3712
- C:\Windows\System\NJeUNAk.exe
  C:\Windows\System\NJeUNAk.exe
  2⤵
  PID:3860
- C:\Windows\System\zytxeMK.exe
  C:\Windows\System\zytxeMK.exe
  2⤵
  PID:3892
- C:\Windows\System\nUdszSK.exe
  C:\Windows\System\nUdszSK.exe
  2⤵
  PID:3956
- C:\Windows\System\nPYUxCy.exe
  C:\Windows\System\nPYUxCy.exe
  2⤵
  PID:4056
- C:\Windows\System\aPJuoZH.exe
  C:\Windows\System\aPJuoZH.exe
  2⤵
  PID:4016
- C:\Windows\System\xxuAmsu.exe
  C:\Windows\System\xxuAmsu.exe
  2⤵
  PID:848
- C:\Windows\System\AkkFkHD.exe
  C:\Windows\System\AkkFkHD.exe
  2⤵
  PID:1788
- C:\Windows\System\ADhVlro.exe
  C:\Windows\System\ADhVlro.exe
  2⤵
  PID:3120
- C:\Windows\System\sUclMWB.exe
  C:\Windows\System\sUclMWB.exe
  2⤵
  PID:3180
- C:\Windows\System\ZgwLJbD.exe
  C:\Windows\System\ZgwLJbD.exe
  2⤵
  PID:3164
- C:\Windows\System\hNuTlxE.exe
  C:\Windows\System\hNuTlxE.exe
  2⤵
  PID:3400
- C:\Windows\System\EsmRGLR.exe
  C:\Windows\System\EsmRGLR.exe
  2⤵
  PID:3532
- C:\Windows\System\qPdpKaD.exe
  C:\Windows\System\qPdpKaD.exe
  2⤵
  PID:3548
- C:\Windows\System\PQcqbhl.exe
  C:\Windows\System\PQcqbhl.exe
  2⤵
  PID:572
- C:\Windows\System\IqEBtgi.exe
  C:\Windows\System\IqEBtgi.exe
  2⤵
  PID:3688
- C:\Windows\System\tAnQwwL.exe
  C:\Windows\System\tAnQwwL.exe
  2⤵
  PID:2316
- C:\Windows\System\DOiAgdX.exe
  C:\Windows\System\DOiAgdX.exe
  2⤵
  PID:3856
- C:\Windows\System\rbASrCz.exe
  C:\Windows\System\rbASrCz.exe
  2⤵
  PID:2096
- C:\Windows\System\HBMqhPn.exe
  C:\Windows\System\HBMqhPn.exe
  2⤵
  PID:3752
- C:\Windows\System\sUcXJVX.exe
  C:\Windows\System\sUcXJVX.exe
  2⤵
  PID:1944
- C:\Windows\System\KLQHPBT.exe
  C:\Windows\System\KLQHPBT.exe
  2⤵
  PID:4108
- C:\Windows\System\rqNSPBD.exe
  C:\Windows\System\rqNSPBD.exe
  2⤵
  PID:4128
- C:\Windows\System\rTCMLYe.exe
  C:\Windows\System\rTCMLYe.exe
  2⤵
  PID:4148
- C:\Windows\System\BVaamEY.exe
  C:\Windows\System\BVaamEY.exe
  2⤵
  PID:4176
- C:\Windows\System\XkAQell.exe
  C:\Windows\System\XkAQell.exe
  2⤵
  PID:4196
- C:\Windows\System\cjIWVLw.exe
  C:\Windows\System\cjIWVLw.exe
  2⤵
  PID:4216
- C:\Windows\System\vmIgulV.exe
  C:\Windows\System\vmIgulV.exe
  2⤵
  PID:4236
- C:\Windows\System\MqtZkeG.exe
  C:\Windows\System\MqtZkeG.exe
  2⤵
  PID:4256
- C:\Windows\System\yQdftFo.exe
  C:\Windows\System\yQdftFo.exe
  2⤵
  PID:4276
- C:\Windows\System\cREdmJZ.exe
  C:\Windows\System\cREdmJZ.exe
  2⤵
  PID:4292
- C:\Windows\System\tjPZHJO.exe
  C:\Windows\System\tjPZHJO.exe
  2⤵
  PID:4316
- C:\Windows\System\MFgQCYU.exe
  C:\Windows\System\MFgQCYU.exe
  2⤵
  PID:4336
- C:\Windows\System\dnucbKP.exe
  C:\Windows\System\dnucbKP.exe
  2⤵
  PID:4356
- C:\Windows\System\OvwGerE.exe
  C:\Windows\System\OvwGerE.exe
  2⤵
  PID:4372
- C:\Windows\System\wvsYKsN.exe
  C:\Windows\System\wvsYKsN.exe
  2⤵
  PID:4392
- C:\Windows\System\tOKDFvd.exe
  C:\Windows\System\tOKDFvd.exe
  2⤵
  PID:4412
- C:\Windows\System\gviYAAS.exe
  C:\Windows\System\gviYAAS.exe
  2⤵
  PID:4432
- C:\Windows\System\Vdwcmot.exe
  C:\Windows\System\Vdwcmot.exe
  2⤵
  PID:4448
- C:\Windows\System\ZQypAqZ.exe
  C:\Windows\System\ZQypAqZ.exe
  2⤵
  PID:4468
- C:\Windows\System\YLRSgJC.exe
  C:\Windows\System\YLRSgJC.exe
  2⤵
  PID:4488
- C:\Windows\System\StPnIIn.exe
  C:\Windows\System\StPnIIn.exe
  2⤵
  PID:4512
- C:\Windows\System\oFEryoo.exe
  C:\Windows\System\oFEryoo.exe
  2⤵
  PID:4528
- C:\Windows\System\ficDsWC.exe
  C:\Windows\System\ficDsWC.exe
  2⤵
  PID:4552
- C:\Windows\System\GuhTHZV.exe
  C:\Windows\System\GuhTHZV.exe
  2⤵
  PID:4568
- C:\Windows\System\wOiGZXI.exe
  C:\Windows\System\wOiGZXI.exe
  2⤵
  PID:4592
- C:\Windows\System\lXGQQtH.exe
  C:\Windows\System\lXGQQtH.exe
  2⤵
  PID:4608
- C:\Windows\System\chtKuNC.exe
  C:\Windows\System\chtKuNC.exe
  2⤵
  PID:4640
- C:\Windows\System\paBODpc.exe
  C:\Windows\System\paBODpc.exe
  2⤵
  PID:4656
- C:\Windows\System\MQQFOmi.exe
  C:\Windows\System\MQQFOmi.exe
  2⤵
  PID:4680
- C:\Windows\System\QHQFrdv.exe
  C:\Windows\System\QHQFrdv.exe
  2⤵
  PID:4696
- C:\Windows\System\tThMkqq.exe
  C:\Windows\System\tThMkqq.exe
  2⤵
  PID:4716
- C:\Windows\System\YVnYOKg.exe
  C:\Windows\System\YVnYOKg.exe
  2⤵
  PID:4736
- C:\Windows\System\XJxleEm.exe
  C:\Windows\System\XJxleEm.exe
  2⤵
  PID:4756
- C:\Windows\System\xHjIlUG.exe
  C:\Windows\System\xHjIlUG.exe
  2⤵
  PID:4776
- C:\Windows\System\fsFEASf.exe
  C:\Windows\System\fsFEASf.exe
  2⤵
  PID:4796
- C:\Windows\System\qQUPCUq.exe
  C:\Windows\System\qQUPCUq.exe
  2⤵
  PID:4816
- C:\Windows\System\nIzfHxE.exe
  C:\Windows\System\nIzfHxE.exe
  2⤵
  PID:4836
- C:\Windows\System\aNeOZlh.exe
  C:\Windows\System\aNeOZlh.exe
  2⤵
  PID:4856
- C:\Windows\System\idgViZH.exe
  C:\Windows\System\idgViZH.exe
  2⤵
  PID:4880
- C:\Windows\System\sMqSqXk.exe
  C:\Windows\System\sMqSqXk.exe
  2⤵
  PID:4896
- C:\Windows\System\npjqyrp.exe
  C:\Windows\System\npjqyrp.exe
  2⤵
  PID:4920
- C:\Windows\System\IeIXgmk.exe
  C:\Windows\System\IeIXgmk.exe
  2⤵
  PID:4936
- C:\Windows\System\ersCgpz.exe
  C:\Windows\System\ersCgpz.exe
  2⤵
  PID:4960
- C:\Windows\System\sfHuQrk.exe
  C:\Windows\System\sfHuQrk.exe
  2⤵
  PID:4980
- C:\Windows\System\WgVdNMX.exe
  C:\Windows\System\WgVdNMX.exe
  2⤵
  PID:5000
- C:\Windows\System\fUkAChO.exe
  C:\Windows\System\fUkAChO.exe
  2⤵
  PID:5020
- C:\Windows\System\wUQRqAQ.exe
  C:\Windows\System\wUQRqAQ.exe
  2⤵
  PID:5040
- C:\Windows\System\AHvpABu.exe
  C:\Windows\System\AHvpABu.exe
  2⤵
  PID:5060
- C:\Windows\System\sZASBOk.exe
  C:\Windows\System\sZASBOk.exe
  2⤵
  PID:5080
- C:\Windows\System\hjgnsmM.exe
  C:\Windows\System\hjgnsmM.exe
  2⤵
  PID:5100
- C:\Windows\System\AboJIkZ.exe
  C:\Windows\System\AboJIkZ.exe
  2⤵
  PID:2980
- C:\Windows\System\QOcnODh.exe
  C:\Windows\System\QOcnODh.exe
  2⤵
  PID:4076
- C:\Windows\System\sYpOrOX.exe
  C:\Windows\System\sYpOrOX.exe
  2⤵
  PID:3232
- C:\Windows\System\IUzGHpQ.exe
  C:\Windows\System\IUzGHpQ.exe
  2⤵
  PID:3348
- C:\Windows\System\Fybzpqt.exe
  C:\Windows\System\Fybzpqt.exe
  2⤵
  PID:3140
- C:\Windows\System\peZZgRv.exe
  C:\Windows\System\peZZgRv.exe
  2⤵
  PID:3664
- C:\Windows\System\XGmqvyT.exe
  C:\Windows\System\XGmqvyT.exe
  2⤵
  PID:3612
- C:\Windows\System\NfgJrql.exe
  C:\Windows\System\NfgJrql.exe
  2⤵
  PID:3776
- C:\Windows\System\nInwsue.exe
  C:\Windows\System\nInwsue.exe
  2⤵
  PID:4100
- C:\Windows\System\fsnymfL.exe
  C:\Windows\System\fsnymfL.exe
  2⤵
  PID:3932
- C:\Windows\System\hszNXhA.exe
  C:\Windows\System\hszNXhA.exe
  2⤵
  PID:4188
- C:\Windows\System\hHDGfqA.exe
  C:\Windows\System\hHDGfqA.exe
  2⤵
  PID:4008
- C:\Windows\System\PUtWGMK.exe
  C:\Windows\System\PUtWGMK.exe
  2⤵
  PID:4172
- C:\Windows\System\oXTZgXV.exe
  C:\Windows\System\oXTZgXV.exe
  2⤵
  PID:4300
- C:\Windows\System\IbXhcsO.exe
  C:\Windows\System\IbXhcsO.exe
  2⤵
  PID:4344
- C:\Windows\System\FcUoSAT.exe
  C:\Windows\System\FcUoSAT.exe
  2⤵
  PID:4384
- C:\Windows\System\ChexVxM.exe
  C:\Windows\System\ChexVxM.exe
  2⤵
  PID:4248
- C:\Windows\System\hoQyDtD.exe
  C:\Windows\System\hoQyDtD.exe
  2⤵
  PID:4420
- C:\Windows\System\GWeJivT.exe
  C:\Windows\System\GWeJivT.exe
  2⤵
  PID:4460
- C:\Windows\System\YwXsDLC.exe
  C:\Windows\System\YwXsDLC.exe
  2⤵
  PID:4508
- C:\Windows\System\GnwYddz.exe
  C:\Windows\System\GnwYddz.exe
  2⤵
  PID:4536
- C:\Windows\System\AbdRGVL.exe
  C:\Windows\System\AbdRGVL.exe
  2⤵
  PID:4540
- C:\Windows\System\bHXCwaE.exe
  C:\Windows\System\bHXCwaE.exe
  2⤵
  PID:4440
- C:\Windows\System\InnBBqQ.exe
  C:\Windows\System\InnBBqQ.exe
  2⤵
  PID:4580
- C:\Windows\System\PNcGwkq.exe
  C:\Windows\System\PNcGwkq.exe
  2⤵
  PID:4628
- C:\Windows\System\AikQpYv.exe
  C:\Windows\System\AikQpYv.exe
  2⤵
  PID:4564
- C:\Windows\System\UWQcHfq.exe
  C:\Windows\System\UWQcHfq.exe
  2⤵
  PID:4672
- C:\Windows\System\kshAYAy.exe
  C:\Windows\System\kshAYAy.exe
  2⤵
  PID:4604
- C:\Windows\System\eWlFqKC.exe
  C:\Windows\System\eWlFqKC.exe
  2⤵
  PID:4752
- C:\Windows\System\QSmfmSQ.exe
  C:\Windows\System\QSmfmSQ.exe
  2⤵
  PID:4688
- C:\Windows\System\NKGbDQt.exe
  C:\Windows\System\NKGbDQt.exe
  2⤵
  PID:3484
- C:\Windows\System\UrBSILP.exe
  C:\Windows\System\UrBSILP.exe
  2⤵
  PID:4824
- C:\Windows\System\BZVwxVY.exe
  C:\Windows\System\BZVwxVY.exe
  2⤵
  PID:4864
- C:\Windows\System\cshVCwt.exe
  C:\Windows\System\cshVCwt.exe
  2⤵
  PID:4852
- C:\Windows\System\ajRJgPI.exe
  C:\Windows\System\ajRJgPI.exe
  2⤵
  PID:1200
- C:\Windows\System\yyzSFxS.exe
  C:\Windows\System\yyzSFxS.exe
  2⤵
  PID:4888
- C:\Windows\System\ZQgyEEX.exe
  C:\Windows\System\ZQgyEEX.exe
  2⤵
  PID:4944
- C:\Windows\System\vEVapBj.exe
  C:\Windows\System\vEVapBj.exe
  2⤵
  PID:4928
- C:\Windows\System\bQJZEgj.exe
  C:\Windows\System\bQJZEgj.exe
  2⤵
  PID:4972
- C:\Windows\System\DgejCRW.exe
  C:\Windows\System\DgejCRW.exe
  2⤵
  PID:796
- C:\Windows\System\AGzXoXR.exe
  C:\Windows\System\AGzXoXR.exe
  2⤵
  PID:5008
- C:\Windows\System\taITZtk.exe
  C:\Windows\System\taITZtk.exe
  2⤵
  PID:5108
- C:\Windows\System\IfwRtTi.exe
  C:\Windows\System\IfwRtTi.exe
  2⤵
  PID:4036
- C:\Windows\System\rSpuSWP.exe
  C:\Windows\System\rSpuSWP.exe
  2⤵
  PID:3452
- C:\Windows\System\usbpiaX.exe
  C:\Windows\System\usbpiaX.exe
  2⤵
  PID:1824
- C:\Windows\System\BQgDDgN.exe
  C:\Windows\System\BQgDDgN.exe
  2⤵
  PID:3912
- C:\Windows\System\tpDbohe.exe
  C:\Windows\System\tpDbohe.exe
  2⤵
  PID:3292
- C:\Windows\System\mCVEEVH.exe
  C:\Windows\System\mCVEEVH.exe
  2⤵
  PID:4120
- C:\Windows\System\pAVRzlW.exe
  C:\Windows\System\pAVRzlW.exe
  2⤵
  PID:3624
- C:\Windows\System\HVbnkvf.exe
  C:\Windows\System\HVbnkvf.exe
  2⤵
  PID:4140
- C:\Windows\System\nNqYtng.exe
  C:\Windows\System\nNqYtng.exe
  2⤵
  PID:4208
- C:\Windows\System\ystQXbM.exe
  C:\Windows\System\ystQXbM.exe
  2⤵
  PID:4204
- C:\Windows\System\YlblZrJ.exe
  C:\Windows\System\YlblZrJ.exe
  2⤵
  PID:4388
- C:\Windows\System\wqSChHa.exe
  C:\Windows\System\wqSChHa.exe
  2⤵
  PID:2788
- C:\Windows\System\qssjoBs.exe
  C:\Windows\System\qssjoBs.exe
  2⤵
  PID:4332
- C:\Windows\System\UbwjOLN.exe
  C:\Windows\System\UbwjOLN.exe
  2⤵
  PID:4576
- C:\Windows\System\yhsFEku.exe
  C:\Windows\System\yhsFEku.exe
  2⤵
  PID:4624
- C:\Windows\System\zIDlDIf.exe
  C:\Windows\System\zIDlDIf.exe
  2⤵
  PID:4484
- C:\Windows\System\gwvINHj.exe
  C:\Windows\System\gwvINHj.exe
  2⤵
  PID:4584
- C:\Windows\System\rgXIHEb.exe
  C:\Windows\System\rgXIHEb.exe
  2⤵
  PID:4668
- C:\Windows\System\yVSPcFv.exe
  C:\Windows\System\yVSPcFv.exe
  2⤵
  PID:4728
- C:\Windows\System\hOJnDgv.exe
  C:\Windows\System\hOJnDgv.exe
  2⤵
  PID:4808
- C:\Windows\System\NRkhQsM.exe
  C:\Windows\System\NRkhQsM.exe
  2⤵
  PID:1908
- C:\Windows\System\qJYMSLF.exe
  C:\Windows\System\qJYMSLF.exe
  2⤵
  PID:1820
- C:\Windows\System\fprsmdV.exe
  C:\Windows\System\fprsmdV.exe
  2⤵
  PID:4912
- C:\Windows\System\YWsbJNW.exe
  C:\Windows\System\YWsbJNW.exe
  2⤵
  PID:4956
- C:\Windows\System\YNkEMAl.exe
  C:\Windows\System\YNkEMAl.exe
  2⤵
  PID:4948
- C:\Windows\System\yXHdfsz.exe
  C:\Windows\System\yXHdfsz.exe
  2⤵
  PID:5068
- C:\Windows\System\tcmsZJO.exe
  C:\Windows\System\tcmsZJO.exe
  2⤵
  PID:5032
- C:\Windows\System\eyNISsG.exe
  C:\Windows\System\eyNISsG.exe
  2⤵
  PID:1688
- C:\Windows\System\bbOfQTI.exe
  C:\Windows\System\bbOfQTI.exe
  2⤵
  PID:3252
- C:\Windows\System\wiOtaKS.exe
  C:\Windows\System\wiOtaKS.exe
  2⤵
  PID:2144
- C:\Windows\System\NUHDlYT.exe
  C:\Windows\System\NUHDlYT.exe
  2⤵
  PID:328
- C:\Windows\System\GMNJooj.exe
  C:\Windows\System\GMNJooj.exe
  2⤵
  PID:3536
- C:\Windows\System\XfHhSMQ.exe
  C:\Windows\System\XfHhSMQ.exe
  2⤵
  PID:4312
- C:\Windows\System\KaKmQzs.exe
  C:\Windows\System\KaKmQzs.exe
  2⤵
  PID:4244
- C:\Windows\System\cHkIBTJ.exe
  C:\Windows\System\cHkIBTJ.exe
  2⤵
  PID:2760
- C:\Windows\System\eMuqkiN.exe
  C:\Windows\System\eMuqkiN.exe
  2⤵
  PID:2296
- C:\Windows\System\KNuviMP.exe
  C:\Windows\System\KNuviMP.exe
  2⤵
  PID:4288
- C:\Windows\System\wINTtzA.exe
  C:\Windows\System\wINTtzA.exe
  2⤵
  PID:4620
- C:\Windows\System\YLfOcLg.exe
  C:\Windows\System\YLfOcLg.exe
  2⤵
  PID:4788
- C:\Windows\System\TgQPGjO.exe
  C:\Windows\System\TgQPGjO.exe
  2⤵
  PID:4560
- C:\Windows\System\OpaidsZ.exe
  C:\Windows\System\OpaidsZ.exe
  2⤵
  PID:568
- C:\Windows\System\TFNyulm.exe
  C:\Windows\System\TFNyulm.exe
  2⤵
  PID:4876
- C:\Windows\System\XUhaotx.exe
  C:\Windows\System\XUhaotx.exe
  2⤵
  PID:2920
- C:\Windows\System\zbqZaDW.exe
  C:\Windows\System\zbqZaDW.exe
  2⤵
  PID:1828
- C:\Windows\System\MleJkoW.exe
  C:\Windows\System\MleJkoW.exe
  2⤵
  PID:4032
- C:\Windows\System\NHISRfq.exe
  C:\Windows\System\NHISRfq.exe
  2⤵
  PID:2972
- C:\Windows\System\NWavbzY.exe
  C:\Windows\System\NWavbzY.exe
  2⤵
  PID:4124
- C:\Windows\System\RknmfHW.exe
  C:\Windows\System\RknmfHW.exe
  2⤵
  PID:3736
- C:\Windows\System\VGpNnYp.exe
  C:\Windows\System\VGpNnYp.exe
  2⤵
  PID:4232
- C:\Windows\System\cPOZAzf.exe
  C:\Windows\System\cPOZAzf.exe
  2⤵
  PID:4616
- C:\Windows\System\AZrwSST.exe
  C:\Windows\System\AZrwSST.exe
  2⤵
  PID:4724
- C:\Windows\System\DIPGsZR.exe
  C:\Windows\System\DIPGsZR.exe
  2⤵
  PID:4828
- C:\Windows\System\eTSmWTd.exe
  C:\Windows\System\eTSmWTd.exe
  2⤵
  PID:4804
- C:\Windows\System\XWUhWBI.exe
  C:\Windows\System\XWUhWBI.exe
  2⤵
  PID:4772
- C:\Windows\System\TABQLIh.exe
  C:\Windows\System\TABQLIh.exe
  2⤵
  PID:5028
- C:\Windows\System\NWOCkNY.exe
  C:\Windows\System\NWOCkNY.exe
  2⤵
  PID:2060
- C:\Windows\System\veFAnxA.exe
  C:\Windows\System\veFAnxA.exe
  2⤵
  PID:4304
- C:\Windows\System\kWrQtuW.exe
  C:\Windows\System\kWrQtuW.exe
  2⤵
  PID:4456
- C:\Windows\System\ImOGHtR.exe
  C:\Windows\System\ImOGHtR.exe
  2⤵
  PID:5136
- C:\Windows\System\begVMmU.exe
  C:\Windows\System\begVMmU.exe
  2⤵
  PID:5156
- C:\Windows\System\hEnsEtz.exe
  C:\Windows\System\hEnsEtz.exe
  2⤵
  PID:5176
- C:\Windows\System\jthAjMl.exe
  C:\Windows\System\jthAjMl.exe
  2⤵
  PID:5192
- C:\Windows\System\EiVTKhK.exe
  C:\Windows\System\EiVTKhK.exe
  2⤵
  PID:5216
- C:\Windows\System\LyRtqwk.exe
  C:\Windows\System\LyRtqwk.exe
  2⤵
  PID:5236
- C:\Windows\System\Rijvozq.exe
  C:\Windows\System\Rijvozq.exe
  2⤵
  PID:5256
- C:\Windows\System\BIHkyXm.exe
  C:\Windows\System\BIHkyXm.exe
  2⤵
  PID:5276
- C:\Windows\System\npDDTkn.exe
  C:\Windows\System\npDDTkn.exe
  2⤵
  PID:5296
- C:\Windows\System\mZNmNHd.exe
  C:\Windows\System\mZNmNHd.exe
  2⤵
  PID:5316
- C:\Windows\System\GoCBPDE.exe
  C:\Windows\System\GoCBPDE.exe
  2⤵
  PID:5336
- C:\Windows\System\UywqGBo.exe
  C:\Windows\System\UywqGBo.exe
  2⤵
  PID:5356
- C:\Windows\System\aOORyJL.exe
  C:\Windows\System\aOORyJL.exe
  2⤵
  PID:5376
- C:\Windows\System\SPtmhhg.exe
  C:\Windows\System\SPtmhhg.exe
  2⤵
  PID:5392
- C:\Windows\System\XOfDefh.exe
  C:\Windows\System\XOfDefh.exe
  2⤵
  PID:5420
- C:\Windows\System\NOQBzrN.exe
  C:\Windows\System\NOQBzrN.exe
  2⤵
  PID:5440
- C:\Windows\System\XLvhHzQ.exe
  C:\Windows\System\XLvhHzQ.exe
  2⤵
  PID:5460
- C:\Windows\System\jrDWJYf.exe
  C:\Windows\System\jrDWJYf.exe
  2⤵
  PID:5480
- C:\Windows\System\cZJDGkB.exe
  C:\Windows\System\cZJDGkB.exe
  2⤵
  PID:5500
- C:\Windows\System\mBfWGSx.exe
  C:\Windows\System\mBfWGSx.exe
  2⤵
  PID:5520
- C:\Windows\System\VxIrhsM.exe
  C:\Windows\System\VxIrhsM.exe
  2⤵
  PID:5540
- C:\Windows\System\jmNORkS.exe
  C:\Windows\System\jmNORkS.exe
  2⤵
  PID:5560
- C:\Windows\System\LYiskRC.exe
  C:\Windows\System\LYiskRC.exe
  2⤵
  PID:5580
- C:\Windows\System\NGfXaSC.exe
  C:\Windows\System\NGfXaSC.exe
  2⤵
  PID:5600
- C:\Windows\System\pjpDRgy.exe
  C:\Windows\System\pjpDRgy.exe
  2⤵
  PID:5620
- C:\Windows\System\VLAEzAn.exe
  C:\Windows\System\VLAEzAn.exe
  2⤵
  PID:5640
- C:\Windows\System\gkUYhaC.exe
  C:\Windows\System\gkUYhaC.exe
  2⤵
  PID:5660
- C:\Windows\System\kwmOHWD.exe
  C:\Windows\System\kwmOHWD.exe
  2⤵
  PID:5680
- C:\Windows\System\xBHrhjA.exe
  C:\Windows\System\xBHrhjA.exe
  2⤵
  PID:5700
- C:\Windows\System\aWLFQdX.exe
  C:\Windows\System\aWLFQdX.exe
  2⤵
  PID:5724
- C:\Windows\System\WWJURhb.exe
  C:\Windows\System\WWJURhb.exe
  2⤵
  PID:5744
- C:\Windows\System\UwXbvos.exe
  C:\Windows\System\UwXbvos.exe
  2⤵
  PID:5764
- C:\Windows\System\KCrQgoU.exe
  C:\Windows\System\KCrQgoU.exe
  2⤵
  PID:5784
- C:\Windows\System\pgUvBDM.exe
  C:\Windows\System\pgUvBDM.exe
  2⤵
  PID:5804
- C:\Windows\System\HvnDPZQ.exe
  C:\Windows\System\HvnDPZQ.exe
  2⤵
  PID:5824
- C:\Windows\System\BiFuYQK.exe
  C:\Windows\System\BiFuYQK.exe
  2⤵
  PID:5844
- C:\Windows\System\GnbJOTg.exe
  C:\Windows\System\GnbJOTg.exe
  2⤵
  PID:5864
- C:\Windows\System\elJCkYf.exe
  C:\Windows\System\elJCkYf.exe
  2⤵
  PID:5884
- C:\Windows\System\jjpuPdB.exe
  C:\Windows\System\jjpuPdB.exe
  2⤵
  PID:5904
- C:\Windows\System\CfiVjZC.exe
  C:\Windows\System\CfiVjZC.exe
  2⤵
  PID:5924
- C:\Windows\System\zDlXMpn.exe
  C:\Windows\System\zDlXMpn.exe
  2⤵
  PID:5944
- C:\Windows\System\EVsjQxj.exe
  C:\Windows\System\EVsjQxj.exe
  2⤵
  PID:5964
- C:\Windows\System\GlppVgW.exe
  C:\Windows\System\GlppVgW.exe
  2⤵
  PID:5984
- C:\Windows\System\JMgfuXB.exe
  C:\Windows\System\JMgfuXB.exe
  2⤵
  PID:6004
- C:\Windows\System\IbEeIJC.exe
  C:\Windows\System\IbEeIJC.exe
  2⤵
  PID:6024
- C:\Windows\System\OUGWFFB.exe
  C:\Windows\System\OUGWFFB.exe
  2⤵
  PID:6044
- C:\Windows\System\XERSjkD.exe
  C:\Windows\System\XERSjkD.exe
  2⤵
  PID:6064
- C:\Windows\System\mQszqGl.exe
  C:\Windows\System\mQszqGl.exe
  2⤵
  PID:6080
- C:\Windows\System\MhZWVvQ.exe
  C:\Windows\System\MhZWVvQ.exe
  2⤵
  PID:6108
- C:\Windows\System\uFulLHs.exe
  C:\Windows\System\uFulLHs.exe
  2⤵
  PID:6124
- C:\Windows\System\XmknBTn.exe
  C:\Windows\System\XmknBTn.exe
  2⤵
  PID:4544
- C:\Windows\System\nvIRzCl.exe
  C:\Windows\System\nvIRzCl.exe
  2⤵
  PID:2852
- C:\Windows\System\aCormbF.exe
  C:\Windows\System\aCormbF.exe
  2⤵
  PID:2300
- C:\Windows\System\omsRokZ.exe
  C:\Windows\System\omsRokZ.exe
  2⤵
  PID:5092
- C:\Windows\System\HbPBlTd.exe
  C:\Windows\System\HbPBlTd.exe
  2⤵
  PID:5128
- C:\Windows\System\QtcaBaJ.exe
  C:\Windows\System\QtcaBaJ.exe
  2⤵
  PID:5200
- C:\Windows\System\kZARMwv.exe
  C:\Windows\System\kZARMwv.exe
  2⤵
  PID:5188
- C:\Windows\System\AZMBrhM.exe
  C:\Windows\System\AZMBrhM.exe
  2⤵
  PID:5252
- C:\Windows\System\dvGZXwo.exe
  C:\Windows\System\dvGZXwo.exe
  2⤵
  PID:5292
- C:\Windows\System\slSWetO.exe
  C:\Windows\System\slSWetO.exe
  2⤵
  PID:5288
- C:\Windows\System\ppZTnBd.exe
  C:\Windows\System\ppZTnBd.exe
  2⤵
  PID:5308
- C:\Windows\System\rtCIMJD.exe
  C:\Windows\System\rtCIMJD.exe
  2⤵
  PID:5368
- C:\Windows\System\lOTJNJE.exe
  C:\Windows\System\lOTJNJE.exe
  2⤵
  PID:5416
- C:\Windows\System\ZtPayAA.exe
  C:\Windows\System\ZtPayAA.exe
  2⤵
  PID:5428
- C:\Windows\System\gxGAitr.exe
  C:\Windows\System\gxGAitr.exe
  2⤵
  PID:5432
- C:\Windows\System\OegYHPP.exe
  C:\Windows\System\OegYHPP.exe
  2⤵
  PID:5476
- C:\Windows\System\SkGmWPm.exe
  C:\Windows\System\SkGmWPm.exe
  2⤵
  PID:5532
- C:\Windows\System\oDyTHmn.exe
  C:\Windows\System\oDyTHmn.exe
  2⤵
  PID:5608
- C:\Windows\System\vYPYOEp.exe
  C:\Windows\System\vYPYOEp.exe
  2⤵
  PID:5592
- C:\Windows\System\qUBBCFs.exe
  C:\Windows\System\qUBBCFs.exe
  2⤵
  PID:5648
- C:\Windows\System\omwvtyf.exe
  C:\Windows\System\omwvtyf.exe
  2⤵
  PID:5668
- C:\Windows\System\fBMkPZL.exe
  C:\Windows\System\fBMkPZL.exe
  2⤵
  PID:5676
- C:\Windows\System\GbBHAGk.exe
  C:\Windows\System\GbBHAGk.exe
  2⤵
  PID:5740
- C:\Windows\System\Rohhtqi.exe
  C:\Windows\System\Rohhtqi.exe
  2⤵
  PID:5760
- C:\Windows\System\GSRLfip.exe
  C:\Windows\System\GSRLfip.exe
  2⤵
  PID:5800
- C:\Windows\System\LzeqfnZ.exe
  C:\Windows\System\LzeqfnZ.exe
  2⤵
  PID:5832
- C:\Windows\System\nkHxDOq.exe
  C:\Windows\System\nkHxDOq.exe
  2⤵
  PID:5880
- C:\Windows\System\NOYBmCR.exe
  C:\Windows\System\NOYBmCR.exe
  2⤵
  PID:5920
- C:\Windows\System\dEDPaeR.exe
  C:\Windows\System\dEDPaeR.exe
  2⤵
  PID:5916
- C:\Windows\System\CmOyPrF.exe
  C:\Windows\System\CmOyPrF.exe
  2⤵
  PID:5956
- C:\Windows\System\HoqwYTe.exe
  C:\Windows\System\HoqwYTe.exe
  2⤵
  PID:5992
- C:\Windows\System\dLsNqaB.exe
  C:\Windows\System\dLsNqaB.exe
  2⤵
  PID:6060
- C:\Windows\System\pxlMWnA.exe
  C:\Windows\System\pxlMWnA.exe
  2⤵
  PID:6088
- C:\Windows\System\orviuYC.exe
  C:\Windows\System\orviuYC.exe
  2⤵
  PID:6104
- C:\Windows\System\cooGvgs.exe
  C:\Windows\System\cooGvgs.exe
  2⤵
  PID:3188
- C:\Windows\System\sxAgKrZ.exe
  C:\Windows\System\sxAgKrZ.exe
  2⤵
  PID:5716
- C:\Windows\System\YJneOdW.exe
  C:\Windows\System\YJneOdW.exe
  2⤵
  PID:2872
- C:\Windows\System\KAKSlic.exe
  C:\Windows\System\KAKSlic.exe
  2⤵
  PID:1280
- C:\Windows\System\FFbopyI.exe
  C:\Windows\System\FFbopyI.exe
  2⤵
  PID:580
- C:\Windows\System\sAvoxFp.exe
  C:\Windows\System\sAvoxFp.exe
  2⤵
  PID:1508
- C:\Windows\System\vZgmGpF.exe
  C:\Windows\System\vZgmGpF.exe
  2⤵
  PID:4324
- C:\Windows\System\HEXebDa.exe
  C:\Windows\System\HEXebDa.exe
  2⤵
  PID:2020
- C:\Windows\System\CUHuxyJ.exe
  C:\Windows\System\CUHuxyJ.exe
  2⤵
  PID:1832
- C:\Windows\System\NTAYmxA.exe
  C:\Windows\System\NTAYmxA.exe
  2⤵
  PID:3084
- C:\Windows\System\RcYiYAC.exe
  C:\Windows\System\RcYiYAC.exe
  2⤵
  PID:3036
- C:\Windows\System\kYDlxMH.exe
  C:\Windows\System\kYDlxMH.exe
  2⤵
  PID:728
- C:\Windows\System\tNWhShd.exe
  C:\Windows\System\tNWhShd.exe
  2⤵
  PID:5212
- C:\Windows\System\kWspODc.exe
  C:\Windows\System\kWspODc.exe
  2⤵
  PID:5228
- C:\Windows\System\ZWUjIjK.exe
  C:\Windows\System\ZWUjIjK.exe
  2⤵
  PID:5312
- C:\Windows\System\WmgOGNT.exe
  C:\Windows\System\WmgOGNT.exe
  2⤵
  PID:2436
- C:\Windows\System\SgQXcCK.exe
  C:\Windows\System\SgQXcCK.exe
  2⤵
  PID:2680
- C:\Windows\System\TjwxsiX.exe
  C:\Windows\System\TjwxsiX.exe
  2⤵
  PID:5224
- C:\Windows\System\knFcAll.exe
  C:\Windows\System\knFcAll.exe
  2⤵
  PID:5508
- C:\Windows\System\ZDCDTUK.exe
  C:\Windows\System\ZDCDTUK.exe
  2⤵
  PID:5016
- C:\Windows\System\mPwYSiK.exe
  C:\Windows\System\mPwYSiK.exe
  2⤵
  PID:5488
- C:\Windows\System\tXbkuso.exe
  C:\Windows\System\tXbkuso.exe
  2⤵
  PID:5596
- C:\Windows\System\GgUPOlw.exe
  C:\Windows\System\GgUPOlw.exe
  2⤵
  PID:5712
- C:\Windows\System\ehFqDTy.exe
  C:\Windows\System\ehFqDTy.exe
  2⤵
  PID:3020
- C:\Windows\System\MpVqxbm.exe
  C:\Windows\System\MpVqxbm.exe
  2⤵
  PID:5856
- C:\Windows\System\yVSnbxB.exe
  C:\Windows\System\yVSnbxB.exe
  2⤵
  PID:5876
- C:\Windows\System\FQtjhOy.exe
  C:\Windows\System\FQtjhOy.exe
  2⤵
  PID:4968
- C:\Windows\System\zRvwndl.exe
  C:\Windows\System\zRvwndl.exe
  2⤵
  PID:2704
- C:\Windows\System\boGTCnL.exe
  C:\Windows\System\boGTCnL.exe
  2⤵
  PID:5572
- C:\Windows\System\nqrgMnj.exe
  C:\Windows\System\nqrgMnj.exe
  2⤵
  PID:6040
- C:\Windows\System\tZnVwbt.exe
  C:\Windows\System\tZnVwbt.exe
  2⤵
  PID:5816
- C:\Windows\System\qLFKQDw.exe
  C:\Windows\System\qLFKQDw.exe
  2⤵
  PID:6136
- C:\Windows\System\rMLPfoA.exe
  C:\Windows\System\rMLPfoA.exe
  2⤵
  PID:6072
- C:\Windows\System\DRjaBcE.exe
  C:\Windows\System\DRjaBcE.exe
  2⤵
  PID:3444
- C:\Windows\System\KozuDEN.exe
  C:\Windows\System\KozuDEN.exe
  2⤵
  PID:5996
- C:\Windows\System\PyuCDpu.exe
  C:\Windows\System\PyuCDpu.exe
  2⤵
  PID:2736
- C:\Windows\System\AezrmFM.exe
  C:\Windows\System\AezrmFM.exe
  2⤵
  PID:1428
- C:\Windows\System\tkhnvSt.exe
  C:\Windows\System\tkhnvSt.exe
  2⤵
  PID:1452
- C:\Windows\System\MuuzVdt.exe
  C:\Windows\System\MuuzVdt.exe
  2⤵
  PID:2772
- C:\Windows\System\SJVdtIp.exe
  C:\Windows\System\SJVdtIp.exe
  2⤵
  PID:5152
- C:\Windows\System\KxlZfKr.exe
  C:\Windows\System\KxlZfKr.exe
  2⤵
  PID:5164
- C:\Windows\System\XEYYYwb.exe
  C:\Windows\System\XEYYYwb.exe
  2⤵
  PID:5168
- C:\Windows\System\ZGjTSDw.exe
  C:\Windows\System\ZGjTSDw.exe
  2⤵
  PID:5452
- C:\Windows\System\tyHMwzA.exe
  C:\Windows\System\tyHMwzA.exe
  2⤵
  PID:5372
- C:\Windows\System\xsoUfzw.exe
  C:\Windows\System\xsoUfzw.exe
  2⤵
  PID:5516
- C:\Windows\System\wUEmZac.exe
  C:\Windows\System\wUEmZac.exe
  2⤵
  PID:2232
- C:\Windows\System\CqtsYBn.exe
  C:\Windows\System\CqtsYBn.exe
  2⤵
  PID:5652
- C:\Windows\System\buFHeaa.exe
  C:\Windows\System\buFHeaa.exe
  2⤵
  PID:5776
- C:\Windows\System\pNFUXYi.exe
  C:\Windows\System\pNFUXYi.exe
  2⤵
  PID:5752
- C:\Windows\System\maiGdwo.exe
  C:\Windows\System\maiGdwo.exe
  2⤵
  PID:6016
- C:\Windows\System\LevQhTo.exe
  C:\Windows\System\LevQhTo.exe
  2⤵
  PID:2072
- C:\Windows\System\UcyVxsi.exe
  C:\Windows\System\UcyVxsi.exe
  2⤵
  PID:5980
- C:\Windows\System\SuJdfhp.exe
  C:\Windows\System\SuJdfhp.exe
  2⤵
  PID:2496
- C:\Windows\System\vGuPhqW.exe
  C:\Windows\System\vGuPhqW.exe
  2⤵
  PID:6116
- C:\Windows\System\GbMYoJv.exe
  C:\Windows\System\GbMYoJv.exe
  2⤵
  PID:2032
- C:\Windows\System\XkHjbEW.exe
  C:\Windows\System\XkHjbEW.exe
  2⤵
  PID:2956
- C:\Windows\System\SLcsxjz.exe
  C:\Windows\System\SLcsxjz.exe
  2⤵
  PID:2780
- C:\Windows\System\WiFDRlT.exe
  C:\Windows\System\WiFDRlT.exe
  2⤵
  PID:5304
- C:\Windows\System\XqYtxfp.exe
  C:\Windows\System\XqYtxfp.exe
  2⤵
  PID:2476
- C:\Windows\System\fNxTBfu.exe
  C:\Windows\System\fNxTBfu.exe
  2⤵
  PID:5436
- C:\Windows\System\gXDAcJF.exe
  C:\Windows\System\gXDAcJF.exe
  2⤵
  PID:5720
- C:\Windows\System\KhRIBwW.exe
  C:\Windows\System\KhRIBwW.exe
  2⤵
  PID:5344
- C:\Windows\System\VMSzDnl.exe
  C:\Windows\System\VMSzDnl.exe
  2⤵
  PID:5900
- C:\Windows\System\nSSjZNf.exe
  C:\Windows\System\nSSjZNf.exe
  2⤵
  PID:768
- C:\Windows\System\qNorylF.exe
  C:\Windows\System\qNorylF.exe
  2⤵
  PID:6120
- C:\Windows\System\GwGYiFQ.exe
  C:\Windows\System\GwGYiFQ.exe
  2⤵
  PID:4848
- C:\Windows\System\arfuTId.exe
  C:\Windows\System\arfuTId.exe
  2⤵
  PID:1324
- C:\Windows\System\rQOkeOX.exe
  C:\Windows\System\rQOkeOX.exe
  2⤵
  PID:5332
- C:\Windows\System\akLMwKD.exe
  C:\Windows\System\akLMwKD.exe
  2⤵
  PID:5400
- C:\Windows\System\TqqlAmZ.exe
  C:\Windows\System\TqqlAmZ.exe
  2⤵
  PID:5860
- C:\Windows\System\iGYsUlz.exe
  C:\Windows\System\iGYsUlz.exe
  2⤵
  PID:5852
- C:\Windows\System\MkOXeww.exe
  C:\Windows\System\MkOXeww.exe
  2⤵
  PID:6148
- C:\Windows\System\fuLhWZE.exe
  C:\Windows\System\fuLhWZE.exe
  2⤵
  PID:6168
- C:\Windows\System\xsnJEju.exe
  C:\Windows\System\xsnJEju.exe
  2⤵
  PID:6188
- C:\Windows\System\ROFhPOk.exe
  C:\Windows\System\ROFhPOk.exe
  2⤵
  PID:6216
- C:\Windows\System\UzLDoxQ.exe
  C:\Windows\System\UzLDoxQ.exe
  2⤵
  PID:6248
- C:\Windows\System\EtsvuEX.exe
  C:\Windows\System\EtsvuEX.exe
  2⤵
  PID:6272
- C:\Windows\System\GqEvczS.exe
  C:\Windows\System\GqEvczS.exe
  2⤵
  PID:6288
- C:\Windows\System\PXhvBWe.exe
  C:\Windows\System\PXhvBWe.exe
  2⤵
  PID:6308
- C:\Windows\System\djUXThY.exe
  C:\Windows\System\djUXThY.exe
  2⤵
  PID:6328
- C:\Windows\System\GIYxMOq.exe
  C:\Windows\System\GIYxMOq.exe
  2⤵
  PID:6344
- C:\Windows\System\VpYpjvs.exe
  C:\Windows\System\VpYpjvs.exe
  2⤵
  PID:6360
- C:\Windows\System\Gsrocgi.exe
  C:\Windows\System\Gsrocgi.exe
  2⤵
  PID:6380
- C:\Windows\System\nqdtnLc.exe
  C:\Windows\System\nqdtnLc.exe
  2⤵
  PID:6404
- C:\Windows\System\eMBHfhl.exe
  C:\Windows\System\eMBHfhl.exe
  2⤵
  PID:6420
- C:\Windows\System\JVXgVBr.exe
  C:\Windows\System\JVXgVBr.exe
  2⤵
  PID:6436
- C:\Windows\System\pOffozT.exe
  C:\Windows\System\pOffozT.exe
  2⤵
  PID:6464
- C:\Windows\System\tWstftM.exe
  C:\Windows\System\tWstftM.exe
  2⤵
  PID:6484
- C:\Windows\System\QGOxzHt.exe
  C:\Windows\System\QGOxzHt.exe
  2⤵
  PID:6504
- C:\Windows\System\IzVdIHM.exe
  C:\Windows\System\IzVdIHM.exe
  2⤵
  PID:6520
- C:\Windows\System\URQtdWg.exe
  C:\Windows\System\URQtdWg.exe
  2⤵
  PID:6536
- C:\Windows\System\fNSwprQ.exe
  C:\Windows\System\fNSwprQ.exe
  2⤵
  PID:6552
- C:\Windows\System\bbmyyLR.exe
  C:\Windows\System\bbmyyLR.exe
  2⤵
  PID:6568
- C:\Windows\System\oxcrnXx.exe
  C:\Windows\System\oxcrnXx.exe
  2⤵
  PID:6588
- C:\Windows\System\zbOXPTh.exe
  C:\Windows\System\zbOXPTh.exe
  2⤵
  PID:6616
- C:\Windows\System\KhtZlzz.exe
  C:\Windows\System\KhtZlzz.exe
  2⤵
  PID:6636
- C:\Windows\System\agFLpZd.exe
  C:\Windows\System\agFLpZd.exe
  2⤵
  PID:6672
- C:\Windows\System\ctDdEDc.exe
  C:\Windows\System\ctDdEDc.exe
  2⤵
  PID:6688
- C:\Windows\System\emiADxQ.exe
  C:\Windows\System\emiADxQ.exe
  2⤵
  PID:6708
- C:\Windows\System\Zprjaeh.exe
  C:\Windows\System\Zprjaeh.exe
  2⤵
  PID:6728
- C:\Windows\System\incPzVJ.exe
  C:\Windows\System\incPzVJ.exe
  2⤵
  PID:6744
- C:\Windows\System\JmyNMoQ.exe
  C:\Windows\System\JmyNMoQ.exe
  2⤵
  PID:6760
- C:\Windows\System\ZoCJwPM.exe
  C:\Windows\System\ZoCJwPM.exe
  2⤵
  PID:6784
- C:\Windows\System\JynpwSH.exe
  C:\Windows\System\JynpwSH.exe
  2⤵
  PID:6808
- C:\Windows\System\RkNwdvr.exe
  C:\Windows\System\RkNwdvr.exe
  2⤵
  PID:6828
- C:\Windows\System\vsUmili.exe
  C:\Windows\System\vsUmili.exe
  2⤵
  PID:6844
- C:\Windows\System\xqBDLNp.exe
  C:\Windows\System\xqBDLNp.exe
  2⤵
  PID:6872
- C:\Windows\System\pCntsqG.exe
  C:\Windows\System\pCntsqG.exe
  2⤵
  PID:6888
- C:\Windows\System\zMVJgEi.exe
  C:\Windows\System\zMVJgEi.exe
  2⤵
  PID:6904
- C:\Windows\System\WxoQjkr.exe
  C:\Windows\System\WxoQjkr.exe
  2⤵
  PID:6924
- C:\Windows\System\VuQlwAe.exe
  C:\Windows\System\VuQlwAe.exe
  2⤵
  PID:6948
- C:\Windows\System\yyflwxN.exe
  C:\Windows\System\yyflwxN.exe
  2⤵
  PID:6968
- C:\Windows\System\eQsLpga.exe
  C:\Windows\System\eQsLpga.exe
  2⤵
  PID:6984
- C:\Windows\System\mhRNIPN.exe
  C:\Windows\System\mhRNIPN.exe
  2⤵
  PID:7000
- C:\Windows\System\PzQvpzs.exe
  C:\Windows\System\PzQvpzs.exe
  2⤵
  PID:7024
- C:\Windows\System\wqEhNYo.exe
  C:\Windows\System\wqEhNYo.exe
  2⤵
  PID:7044
- C:\Windows\System\fpIgugi.exe
  C:\Windows\System\fpIgugi.exe
  2⤵
  PID:7060
- C:\Windows\System\lTEVjLD.exe
  C:\Windows\System\lTEVjLD.exe
  2⤵
  PID:7088
- C:\Windows\System\ouIZCpg.exe
  C:\Windows\System\ouIZCpg.exe
  2⤵
  PID:7104
- C:\Windows\System\ExVharv.exe
  C:\Windows\System\ExVharv.exe
  2⤵
  PID:7124
- C:\Windows\System\ZapssUH.exe
  C:\Windows\System\ZapssUH.exe
  2⤵
  PID:7140
- C:\Windows\System\AmJKwjx.exe
  C:\Windows\System\AmJKwjx.exe
  2⤵
  PID:7164
- C:\Windows\System\DRskXHu.exe
  C:\Windows\System\DRskXHu.exe
  2⤵
  PID:1204
- C:\Windows\System\XGlTMtW.exe
  C:\Windows\System\XGlTMtW.exe
  2⤵
  PID:5696
- C:\Windows\System\zeaiTVg.exe
  C:\Windows\System\zeaiTVg.exe
  2⤵
  PID:6164
- C:\Windows\System\qCKfojo.exe
  C:\Windows\System\qCKfojo.exe
  2⤵
  PID:5708
- C:\Windows\System\sxnndXB.exe
  C:\Windows\System\sxnndXB.exe
  2⤵
  PID:5496
- C:\Windows\System\AGSWXZs.exe
  C:\Windows\System\AGSWXZs.exe
  2⤵
  PID:276
- C:\Windows\System\jRBhOzV.exe
  C:\Windows\System\jRBhOzV.exe
  2⤵
  PID:6184
- C:\Windows\System\RQatdVP.exe
  C:\Windows\System\RQatdVP.exe
  2⤵
  PID:6240
- C:\Windows\System\QBBMQeV.exe
  C:\Windows\System\QBBMQeV.exe
  2⤵
  PID:6296
- C:\Windows\System\WCCmLGR.exe
  C:\Windows\System\WCCmLGR.exe
  2⤵
  PID:6316
- C:\Windows\System\UrdgLJD.exe
  C:\Windows\System\UrdgLJD.exe
  2⤵
  PID:6340
- C:\Windows\System\wcdNEcA.exe
  C:\Windows\System\wcdNEcA.exe
  2⤵
  PID:6320
- C:\Windows\System\bYEmTZH.exe
  C:\Windows\System\bYEmTZH.exe
  2⤵
  PID:6352
- C:\Windows\System\hlKiIPW.exe
  C:\Windows\System\hlKiIPW.exe
  2⤵
  PID:6448
- C:\Windows\System\mOLnkNZ.exe
  C:\Windows\System\mOLnkNZ.exe
  2⤵
  PID:6564
- C:\Windows\System\mjgDIvg.exe
  C:\Windows\System\mjgDIvg.exe
  2⤵
  PID:6608
- C:\Windows\System\GuMixzH.exe
  C:\Windows\System\GuMixzH.exe
  2⤵
  PID:6544
- C:\Windows\System\nAfcoSn.exe
  C:\Windows\System\nAfcoSn.exe
  2⤵
  PID:6476
- C:\Windows\System\JNTTXyF.exe
  C:\Windows\System\JNTTXyF.exe
  2⤵
  PID:6660
- C:\Windows\System\DIgYmpf.exe
  C:\Windows\System\DIgYmpf.exe
  2⤵
  PID:6628
- C:\Windows\System\MrSTHNI.exe
  C:\Windows\System\MrSTHNI.exe
  2⤵
  PID:6684
- C:\Windows\System\BNuRGHx.exe
  C:\Windows\System\BNuRGHx.exe
  2⤵
  PID:6716
- C:\Windows\System\NjUuAPF.exe
  C:\Windows\System\NjUuAPF.exe
  2⤵
  PID:6772
- C:\Windows\System\BAqzVvA.exe
  C:\Windows\System\BAqzVvA.exe
  2⤵
  PID:6796
- C:\Windows\System\FZfiDRL.exe
  C:\Windows\System\FZfiDRL.exe
  2⤵
  PID:6804
- C:\Windows\System\tvVbNHN.exe
  C:\Windows\System\tvVbNHN.exe
  2⤵
  PID:6856
- C:\Windows\System\UiVrYjE.exe
  C:\Windows\System\UiVrYjE.exe
  2⤵
  PID:6868
- C:\Windows\System\spmMuir.exe
  C:\Windows\System\spmMuir.exe
  2⤵
  PID:6932
- C:\Windows\System\vCmYGhF.exe
  C:\Windows\System\vCmYGhF.exe
  2⤵
  PID:6980
- C:\Windows\System\RNBLiat.exe
  C:\Windows\System\RNBLiat.exe
  2⤵
  PID:7012
- C:\Windows\System\WKXkrXZ.exe
  C:\Windows\System\WKXkrXZ.exe
  2⤵
  PID:7056
- C:\Windows\System\aNpFQNk.exe
  C:\Windows\System\aNpFQNk.exe
  2⤵
  PID:7036
- C:\Windows\System\lyEWtCP.exe
  C:\Windows\System\lyEWtCP.exe
  2⤵
  PID:7084
- C:\Windows\System\XYlgUbp.exe
  C:\Windows\System\XYlgUbp.exe
  2⤵
  PID:7100
- C:\Windows\System\MCkHcMk.exe
  C:\Windows\System\MCkHcMk.exe
  2⤵
  PID:3756
- C:\Windows\System\MoZpUVY.exe
  C:\Windows\System\MoZpUVY.exe
  2⤵
  PID:6076
- C:\Windows\System\LzZQwzk.exe
  C:\Windows\System\LzZQwzk.exe
  2⤵
  PID:6256
- C:\Windows\System\XLTBIaa.exe
  C:\Windows\System\XLTBIaa.exe
  2⤵
  PID:3040
- C:\Windows\System\sAjWjnM.exe
  C:\Windows\System\sAjWjnM.exe
  2⤵
  PID:7160
- C:\Windows\System\mVLtPRf.exe
  C:\Windows\System\mVLtPRf.exe
  2⤵
  PID:6268
- C:\Windows\System\spLIrTI.exe
  C:\Windows\System\spLIrTI.exe
  2⤵
  PID:6392
- C:\Windows\System\KbtOezd.exe
  C:\Windows\System\KbtOezd.exe
  2⤵
  PID:6228
- C:\Windows\System\txHIDoz.exe
  C:\Windows\System\txHIDoz.exe
  2⤵
  PID:6452
- C:\Windows\System\UjMzHGh.exe
  C:\Windows\System\UjMzHGh.exe
  2⤵
  PID:6528
- C:\Windows\System\OIrHUWR.exe
  C:\Windows\System\OIrHUWR.exe
  2⤵
  PID:6516
- C:\Windows\System\ZfvnyeJ.exe
  C:\Windows\System\ZfvnyeJ.exe
  2⤵
  PID:6472
- C:\Windows\System\AKlGUZl.exe
  C:\Windows\System\AKlGUZl.exe
  2⤵
  PID:6512
- C:\Windows\System\RgyJMFy.exe
  C:\Windows\System\RgyJMFy.exe
  2⤵
  PID:6724
- C:\Windows\System\fQVhihy.exe
  C:\Windows\System\fQVhihy.exe
  2⤵
  PID:6756
- C:\Windows\System\ncXawFz.exe
  C:\Windows\System\ncXawFz.exe
  2⤵
  PID:6840
- C:\Windows\System\KxHwLck.exe
  C:\Windows\System\KxHwLck.exe
  2⤵
  PID:6700
- C:\Windows\System\yFIFGMw.exe
  C:\Windows\System\yFIFGMw.exe
  2⤵
  PID:6916
- C:\Windows\System\wZzPhoj.exe
  C:\Windows\System\wZzPhoj.exe
  2⤵
  PID:6912
- C:\Windows\System\HmaUJag.exe
  C:\Windows\System\HmaUJag.exe
  2⤵
  PID:6936
- C:\Windows\System\GGiWgBj.exe
  C:\Windows\System\GGiWgBj.exe
  2⤵
  PID:7040
- C:\Windows\System\dgPWxkp.exe
  C:\Windows\System\dgPWxkp.exe
  2⤵
  PID:6208
- C:\Windows\System\llHELeV.exe
  C:\Windows\System\llHELeV.exe
  2⤵
  PID:6212
- C:\Windows\System\DaGZZUz.exe
  C:\Windows\System\DaGZZUz.exe
  2⤵
  PID:7152
- C:\Windows\System\FBkholU.exe
  C:\Windows\System\FBkholU.exe
  2⤵
  PID:7156
- C:\Windows\System\mHRjKkv.exe
  C:\Windows\System\mHRjKkv.exe
  2⤵
  PID:6180
- C:\Windows\System\WQzpVyu.exe
  C:\Windows\System\WQzpVyu.exe
  2⤵
  PID:6432
- C:\Windows\System\DAByFVF.exe
  C:\Windows\System\DAByFVF.exe
  2⤵
  PID:6532
- C:\Windows\System\TXGSALs.exe
  C:\Windows\System\TXGSALs.exe
  2⤵
  PID:6600
- C:\Windows\System\PaaaRUW.exe
  C:\Windows\System\PaaaRUW.exe
  2⤵
  PID:6548
- C:\Windows\System\UQORUOf.exe
  C:\Windows\System\UQORUOf.exe
  2⤵
  PID:7136
- C:\Windows\System\SGkrMns.exe
  C:\Windows\System\SGkrMns.exe
  2⤵
  PID:6816
- C:\Windows\System\yyjpeMD.exe
  C:\Windows\System\yyjpeMD.exe
  2⤵
  PID:6896
- C:\Windows\System\xyjBRHR.exe
  C:\Windows\System\xyjBRHR.exe
  2⤵
  PID:7112
- C:\Windows\System\mpkeUMf.exe
  C:\Windows\System\mpkeUMf.exe
  2⤵
  PID:7096
- C:\Windows\System\umFzUnl.exe
  C:\Windows\System\umFzUnl.exe
  2⤵
  PID:6996
- C:\Windows\System\XEFCYBj.exe
  C:\Windows\System\XEFCYBj.exe
  2⤵
  PID:6428
- C:\Windows\System\uMkMjrb.exe
  C:\Windows\System\uMkMjrb.exe
  2⤵
  PID:6244
- C:\Windows\System\AcRHLGt.exe
  C:\Windows\System\AcRHLGt.exe
  2⤵
  PID:1948
- C:\Windows\System\tvuwqXh.exe
  C:\Windows\System\tvuwqXh.exe
  2⤵
  PID:6752
- C:\Windows\System\cXxTQfi.exe
  C:\Windows\System\cXxTQfi.exe
  2⤵
  PID:6964
- C:\Windows\System\AElwdCM.exe
  C:\Windows\System\AElwdCM.exe
  2⤵
  PID:6852
- C:\Windows\System\riRHQGB.exe
  C:\Windows\System\riRHQGB.exe
  2⤵
  PID:7072
- C:\Windows\System\sPpXJtx.exe
  C:\Windows\System\sPpXJtx.exe
  2⤵
  PID:6160
- C:\Windows\System\tYDQkVw.exe
  C:\Windows\System\tYDQkVw.exe
  2⤵
  PID:7020
- C:\Windows\System\gVnvTrV.exe
  C:\Windows\System\gVnvTrV.exe
  2⤵
  PID:6412
- C:\Windows\System\gVRIqql.exe
  C:\Windows\System\gVRIqql.exe
  2⤵
  PID:6204
- C:\Windows\System\hEHABwJ.exe
  C:\Windows\System\hEHABwJ.exe
  2⤵
  PID:6648
- C:\Windows\System\TuJluDH.exe
  C:\Windows\System\TuJluDH.exe
  2⤵
  PID:5976
- C:\Windows\System\XxcGeGt.exe
  C:\Windows\System\XxcGeGt.exe
  2⤵
  PID:7016
- C:\Windows\System\wZvufBg.exe
  C:\Windows\System\wZvufBg.exe
  2⤵
  PID:6668
- C:\Windows\System\KXWJBrH.exe
  C:\Windows\System\KXWJBrH.exe
  2⤵
  PID:7052
- C:\Windows\System\WgpHOYV.exe
  C:\Windows\System\WgpHOYV.exe
  2⤵
  PID:6460
- C:\Windows\System\dsfyqJZ.exe
  C:\Windows\System\dsfyqJZ.exe
  2⤵
  PID:6944
- C:\Windows\System\BbFhlRE.exe
  C:\Windows\System\BbFhlRE.exe
  2⤵
  PID:7184
- C:\Windows\System\BLZpEPT.exe
  C:\Windows\System\BLZpEPT.exe
  2⤵
  PID:7204
- C:\Windows\System\XsuEHTM.exe
  C:\Windows\System\XsuEHTM.exe
  2⤵
  PID:7232
- C:\Windows\System\eYdrDTu.exe
  C:\Windows\System\eYdrDTu.exe
  2⤵
  PID:7248
- C:\Windows\System\sFCMaAY.exe
  C:\Windows\System\sFCMaAY.exe
  2⤵
  PID:7264
- C:\Windows\System\avFSIZy.exe
  C:\Windows\System\avFSIZy.exe
  2⤵
  PID:7280
- C:\Windows\System\vYozTDY.exe
  C:\Windows\System\vYozTDY.exe
  2⤵
  PID:7308
- C:\Windows\System\SMUajJY.exe
  C:\Windows\System\SMUajJY.exe
  2⤵
  PID:7324
- C:\Windows\System\awfLQYC.exe
  C:\Windows\System\awfLQYC.exe
  2⤵
  PID:7340
- C:\Windows\System\yxgwRvU.exe
  C:\Windows\System\yxgwRvU.exe
  2⤵
  PID:7380
- C:\Windows\System\emsxyNr.exe
  C:\Windows\System\emsxyNr.exe
  2⤵
  PID:7404
- C:\Windows\System\fEqzJKu.exe
  C:\Windows\System\fEqzJKu.exe
  2⤵
  PID:7424
- C:\Windows\System\TOAJKNZ.exe
  C:\Windows\System\TOAJKNZ.exe
  2⤵
  PID:7444
- C:\Windows\System\ZxHenbe.exe
  C:\Windows\System\ZxHenbe.exe
  2⤵
  PID:7460
- C:\Windows\System\SmGpzdp.exe
  C:\Windows\System\SmGpzdp.exe
  2⤵
  PID:7476
- C:\Windows\System\dKkPRFT.exe
  C:\Windows\System\dKkPRFT.exe
  2⤵
  PID:7496
- C:\Windows\System\ugKSqNI.exe
  C:\Windows\System\ugKSqNI.exe
  2⤵
  PID:7516
- C:\Windows\System\HHDKjYI.exe
  C:\Windows\System\HHDKjYI.exe
  2⤵
  PID:7532
- C:\Windows\System\RnUDqRs.exe
  C:\Windows\System\RnUDqRs.exe
  2⤵
  PID:7560
- C:\Windows\System\yyRUCMc.exe
  C:\Windows\System\yyRUCMc.exe
  2⤵
  PID:7584
- C:\Windows\System\yCbgJZc.exe
  C:\Windows\System\yCbgJZc.exe
  2⤵
  PID:7600
- C:\Windows\System\SldrXxE.exe
  C:\Windows\System\SldrXxE.exe
  2⤵
  PID:7620
- C:\Windows\System\rORvUwl.exe
  C:\Windows\System\rORvUwl.exe
  2⤵
  PID:7644
- C:\Windows\System\IBiOVsK.exe
  C:\Windows\System\IBiOVsK.exe
  2⤵
  PID:7664
- C:\Windows\System\qyYUxbe.exe
  C:\Windows\System\qyYUxbe.exe
  2⤵
  PID:7684
- C:\Windows\System\cVfPOix.exe
  C:\Windows\System\cVfPOix.exe
  2⤵
  PID:7700
- C:\Windows\System\XKAhmGe.exe
  C:\Windows\System\XKAhmGe.exe
  2⤵
  PID:7716
- C:\Windows\System\WgwCTQQ.exe
  C:\Windows\System\WgwCTQQ.exe
  2⤵
  PID:7732
- C:\Windows\System\tDqLTNS.exe
  C:\Windows\System\tDqLTNS.exe
  2⤵
  PID:7756
- C:\Windows\System\gmLZquw.exe
  C:\Windows\System\gmLZquw.exe
  2⤵
  PID:7772
- C:\Windows\System\FXFtNPn.exe
  C:\Windows\System\FXFtNPn.exe
  2⤵
  PID:7804
- C:\Windows\System\cETUaTy.exe
  C:\Windows\System\cETUaTy.exe
  2⤵
  PID:7820
- C:\Windows\System\kEJeVve.exe
  C:\Windows\System\kEJeVve.exe
  2⤵
  PID:7836
- C:\Windows\System\lRcszIJ.exe
  C:\Windows\System\lRcszIJ.exe
  2⤵
  PID:7852
- C:\Windows\System\BOHMxBl.exe
  C:\Windows\System\BOHMxBl.exe
  2⤵
  PID:7872
- C:\Windows\System\GpCYCCx.exe
  C:\Windows\System\GpCYCCx.exe
  2⤵
  PID:7892
- C:\Windows\System\ScuZlTj.exe
  C:\Windows\System\ScuZlTj.exe
  2⤵
  PID:7916
- C:\Windows\System\Cfkoney.exe
  C:\Windows\System\Cfkoney.exe
  2⤵
  PID:7936
- C:\Windows\System\zPsxRuc.exe
  C:\Windows\System\zPsxRuc.exe
  2⤵
  PID:7956
- C:\Windows\System\bzGNGjs.exe
  C:\Windows\System\bzGNGjs.exe
  2⤵
  PID:7980
- C:\Windows\System\qRqUFHT.exe
  C:\Windows\System\qRqUFHT.exe
  2⤵
  PID:7996
- C:\Windows\System\dBjzxdg.exe
  C:\Windows\System\dBjzxdg.exe
  2⤵
  PID:8012
- C:\Windows\System\jvOyrem.exe
  C:\Windows\System\jvOyrem.exe
  2⤵
  PID:8028
- C:\Windows\System\IkMnfnk.exe
  C:\Windows\System\IkMnfnk.exe
  2⤵
  PID:8044
- C:\Windows\System\XbilAda.exe
  C:\Windows\System\XbilAda.exe
  2⤵
  PID:8060
- C:\Windows\System\Fnmmsgz.exe
  C:\Windows\System\Fnmmsgz.exe
  2⤵
  PID:8104
- C:\Windows\System\WBueqoY.exe
  C:\Windows\System\WBueqoY.exe
  2⤵
  PID:8120
- C:\Windows\System\TddRhYC.exe
  C:\Windows\System\TddRhYC.exe
  2⤵
  PID:8140
- C:\Windows\System\BAGXKpx.exe
  C:\Windows\System\BAGXKpx.exe
  2⤵
  PID:8156
- C:\Windows\System\HruNqpP.exe
  C:\Windows\System\HruNqpP.exe
  2⤵
  PID:8176
- C:\Windows\System\sknWNUx.exe
  C:\Windows\System\sknWNUx.exe
  2⤵
  PID:7176
- C:\Windows\System\cHIXXlW.exe
  C:\Windows\System\cHIXXlW.exe
  2⤵
  PID:2756
- C:\Windows\System\vONAKTu.exe
  C:\Windows\System\vONAKTu.exe
  2⤵
  PID:7196
- C:\Windows\System\kxeBCdT.exe
  C:\Windows\System\kxeBCdT.exe
  2⤵
  PID:7228
- C:\Windows\System\quoqsGB.exe
  C:\Windows\System\quoqsGB.exe
  2⤵
  PID:7296
- C:\Windows\System\jNElKVf.exe
  C:\Windows\System\jNElKVf.exe
  2⤵
  PID:7336
- C:\Windows\System\IGtQrIs.exe
  C:\Windows\System\IGtQrIs.exe
  2⤵
  PID:7364
- C:\Windows\System\SajVfvg.exe
  C:\Windows\System\SajVfvg.exe
  2⤵
  PID:7392
- C:\Windows\System\SwxEEHB.exe
  C:\Windows\System\SwxEEHB.exe
  2⤵
  PID:7412
- C:\Windows\System\uVQefhZ.exe
  C:\Windows\System\uVQefhZ.exe
  2⤵
  PID:7436
- C:\Windows\System\HWwwDGe.exe
  C:\Windows\System\HWwwDGe.exe
  2⤵
  PID:7456
- C:\Windows\System\MStbHbY.exe
  C:\Windows\System\MStbHbY.exe
  2⤵
  PID:7552
- C:\Windows\System\LMdMNqo.exe
  C:\Windows\System\LMdMNqo.exe
  2⤵
  PID:7524
- C:\Windows\System\XwmHSGF.exe
  C:\Windows\System\XwmHSGF.exe
  2⤵
  PID:7572
- C:\Windows\System\qKeTPUd.exe
  C:\Windows\System\qKeTPUd.exe
  2⤵
  PID:7632
- C:\Windows\System\ZmpqYQo.exe
  C:\Windows\System\ZmpqYQo.exe
  2⤵
  PID:7640
- C:\Windows\System\fLWohWf.exe
  C:\Windows\System\fLWohWf.exe
  2⤵
  PID:7708
- C:\Windows\System\ARlmtxX.exe
  C:\Windows\System\ARlmtxX.exe
  2⤵
  PID:7752
- C:\Windows\System\QTlALsG.exe
  C:\Windows\System\QTlALsG.exe
  2⤵
  PID:7768
- C:\Windows\System\UGmXFzI.exe
  C:\Windows\System\UGmXFzI.exe
  2⤵
  PID:7792
- C:\Windows\System\kGtNdNc.exe
  C:\Windows\System\kGtNdNc.exe
  2⤵
  PID:7828
- C:\Windows\System\qwZtRzQ.exe
  C:\Windows\System\qwZtRzQ.exe
  2⤵
  PID:7868
- C:\Windows\System\VmoHCMU.exe
  C:\Windows\System\VmoHCMU.exe
  2⤵
  PID:7816
- C:\Windows\System\ruQTCgd.exe
  C:\Windows\System\ruQTCgd.exe
  2⤵
  PID:7888
- C:\Windows\System\xbXFYQX.exe
  C:\Windows\System\xbXFYQX.exe
  2⤵
  PID:7912
- C:\Windows\System\xsfVbJq.exe
  C:\Windows\System\xsfVbJq.exe
  2⤵
  PID:8024
- C:\Windows\System\GEABxCU.exe
  C:\Windows\System\GEABxCU.exe
  2⤵
  PID:8080
- C:\Windows\System\VcFZRjx.exe
  C:\Windows\System\VcFZRjx.exe
  2⤵
  PID:7976
- C:\Windows\System\ySYvpgk.exe
  C:\Windows\System\ySYvpgk.exe
  2⤵
  PID:8100
- C:\Windows\System\ZPfCOPS.exe
  C:\Windows\System\ZPfCOPS.exe
  2⤵
  PID:8116
- C:\Windows\System\moPKJBs.exe
  C:\Windows\System\moPKJBs.exe
  2⤵
  PID:8188
- C:\Windows\System\GetFmaN.exe
  C:\Windows\System\GetFmaN.exe
  2⤵
  PID:7260
- C:\Windows\System\qCXEAoB.exe
  C:\Windows\System\qCXEAoB.exe
  2⤵
  PID:7320
- C:\Windows\System\rkCxLEe.exe
  C:\Windows\System\rkCxLEe.exe
  2⤵
  PID:8132
- C:\Windows\System\NUANPgW.exe
  C:\Windows\System\NUANPgW.exe
  2⤵
  PID:7376
- C:\Windows\System\ofFkOLj.exe
  C:\Windows\System\ofFkOLj.exe
  2⤵
  PID:7472
- C:\Windows\System\UkeURAb.exe
  C:\Windows\System\UkeURAb.exe
  2⤵
  PID:7316
- C:\Windows\System\cTcMRBW.exe
  C:\Windows\System\cTcMRBW.exe
  2⤵
  PID:7512
- C:\Windows\System\ilEdbUP.exe
  C:\Windows\System\ilEdbUP.exe
  2⤵
  PID:7492
- C:\Windows\System\FJMDxbi.exe
  C:\Windows\System\FJMDxbi.exe
  2⤵
  PID:7660
- C:\Windows\System\swHXcOs.exe
  C:\Windows\System\swHXcOs.exe
  2⤵
  PID:7576
- C:\Windows\System\FJQnUwh.exe
  C:\Windows\System\FJQnUwh.exe
  2⤵
  PID:7672
- C:\Windows\System\KjFIuqA.exe
  C:\Windows\System\KjFIuqA.exe
  2⤵
  PID:7788
- C:\Windows\System\PwjwahX.exe
  C:\Windows\System\PwjwahX.exe
  2⤵
  PID:7880
- C:\Windows\System\EaXnOZh.exe
  C:\Windows\System\EaXnOZh.exe
  2⤵
  PID:7864
- C:\Windows\System\YcdsmCn.exe
  C:\Windows\System\YcdsmCn.exe
  2⤵
  PID:7948
- C:\Windows\System\kaIqSXU.exe
  C:\Windows\System\kaIqSXU.exe
  2⤵
  PID:8184
- C:\Windows\System\eXmXlaQ.exe
  C:\Windows\System\eXmXlaQ.exe
  2⤵
  PID:7860
- C:\Windows\System\FnYotHG.exe
  C:\Windows\System\FnYotHG.exe
  2⤵
  PID:7988
- C:\Windows\System\YhQBLpV.exe
  C:\Windows\System\YhQBLpV.exe
  2⤵
  PID:7256
- C:\Windows\System\ajepfZe.exe
  C:\Windows\System\ajepfZe.exe
  2⤵
  PID:8096
- C:\Windows\System\recDjJM.exe
  C:\Windows\System\recDjJM.exe
  2⤵
  PID:7348
- C:\Windows\System\glljvZS.exe
  C:\Windows\System\glljvZS.exe
  2⤵
  PID:8168
- C:\Windows\System\QtosmdK.exe
  C:\Windows\System\QtosmdK.exe
  2⤵
  PID:7488
- C:\Windows\System\GBsEcbI.exe
  C:\Windows\System\GBsEcbI.exe
  2⤵
  PID:6304
- C:\Windows\System\qLbWbMe.exe
  C:\Windows\System\qLbWbMe.exe
  2⤵
  PID:7656
- C:\Windows\System\VobtgDN.exe
  C:\Windows\System\VobtgDN.exe
  2⤵
  PID:7388
- C:\Windows\System\toBpGot.exe
  C:\Windows\System\toBpGot.exe
  2⤵
  PID:8040
- C:\Windows\System\McHLKcw.exe
  C:\Windows\System\McHLKcw.exe
  2⤵
  PID:7728
- C:\Windows\System\dseqAHU.exe
  C:\Windows\System\dseqAHU.exe
  2⤵
  PID:8088
- C:\Windows\System\YlanqHK.exe
  C:\Windows\System\YlanqHK.exe
  2⤵
  PID:7908
- C:\Windows\System\qXLTxoe.exe
  C:\Windows\System\qXLTxoe.exe
  2⤵
  PID:7220
- C:\Windows\System\LUTmzmS.exe
  C:\Windows\System\LUTmzmS.exe
  2⤵
  PID:8128
- C:\Windows\System\gFOyDIf.exe
  C:\Windows\System\gFOyDIf.exe
  2⤵
  PID:7400
- C:\Windows\System\iOTIVzB.exe
  C:\Windows\System\iOTIVzB.exe
  2⤵
  PID:8036
- C:\Windows\System\XIMmCxP.exe
  C:\Windows\System\XIMmCxP.exe
  2⤵
  PID:7932
- C:\Windows\System\FUKxtxo.exe
  C:\Windows\System\FUKxtxo.exe
  2⤵
  PID:7628
- C:\Windows\System\IQyVZsq.exe
  C:\Windows\System\IQyVZsq.exe
  2⤵
  PID:7540
- C:\Windows\System\jSELSgQ.exe
  C:\Windows\System\jSELSgQ.exe
  2⤵
  PID:8008
- C:\Windows\System\kpjEwhB.exe
  C:\Windows\System\kpjEwhB.exe
  2⤵
  PID:7304
- C:\Windows\System\MvKOGVT.exe
  C:\Windows\System\MvKOGVT.exe
  2⤵
  PID:7372
- C:\Windows\System\WfUBHaG.exe
  C:\Windows\System\WfUBHaG.exe
  2⤵
  PID:7900
- C:\Windows\System\SeypqtU.exe
  C:\Windows\System\SeypqtU.exe
  2⤵
  PID:7432
- C:\Windows\System\xbgjGAk.exe
  C:\Windows\System\xbgjGAk.exe
  2⤵
  PID:7968
- C:\Windows\System\pGOTdUT.exe
  C:\Windows\System\pGOTdUT.exe
  2⤵
  PID:7360
- C:\Windows\System\UmSbRBx.exe
  C:\Windows\System\UmSbRBx.exe
  2⤵
  PID:8020
- C:\Windows\System\XDeUZhl.exe
  C:\Windows\System\XDeUZhl.exe
  2⤵
  PID:7592
- C:\Windows\System\iZXSVyC.exe
  C:\Windows\System\iZXSVyC.exe
  2⤵
  PID:7508
- C:\Windows\System\olZpbpO.exe
  C:\Windows\System\olZpbpO.exe
  2⤵
  PID:8208
- C:\Windows\System\gvOfKOS.exe
  C:\Windows\System\gvOfKOS.exe
  2⤵
  PID:8224
- C:\Windows\System\AicRDoz.exe
  C:\Windows\System\AicRDoz.exe
  2⤵
  PID:8260
- C:\Windows\System\cNMVVki.exe
  C:\Windows\System\cNMVVki.exe
  2⤵
  PID:8276
- C:\Windows\System\IzpstYa.exe
  C:\Windows\System\IzpstYa.exe
  2⤵
  PID:8292
- C:\Windows\System\LKyxxra.exe
  C:\Windows\System\LKyxxra.exe
  2⤵
  PID:8312
- C:\Windows\System\nBrLQLX.exe
  C:\Windows\System\nBrLQLX.exe
  2⤵
  PID:8328
- C:\Windows\System\QsACPgo.exe
  C:\Windows\System\QsACPgo.exe
  2⤵
  PID:8348
- C:\Windows\System\hqfwnnb.exe
  C:\Windows\System\hqfwnnb.exe
  2⤵
  PID:8368
- C:\Windows\System\wkLSllE.exe
  C:\Windows\System\wkLSllE.exe
  2⤵
  PID:8384
- C:\Windows\System\OcrmkOu.exe
  C:\Windows\System\OcrmkOu.exe
  2⤵
  PID:8404
- C:\Windows\System\yCZSHoE.exe
  C:\Windows\System\yCZSHoE.exe
  2⤵
  PID:8424
- C:\Windows\System\sYjCRFY.exe
  C:\Windows\System\sYjCRFY.exe
  2⤵
  PID:8452
- C:\Windows\System\pERyiaF.exe
  C:\Windows\System\pERyiaF.exe
  2⤵
  PID:8472
- C:\Windows\System\mCfFfcV.exe
  C:\Windows\System\mCfFfcV.exe
  2⤵
  PID:8492
- C:\Windows\System\ChRrekO.exe
  C:\Windows\System\ChRrekO.exe
  2⤵
  PID:8512
- C:\Windows\System\uQiDOUl.exe
  C:\Windows\System\uQiDOUl.exe
  2⤵
  PID:8540
- C:\Windows\System\BYwnpZZ.exe
  C:\Windows\System\BYwnpZZ.exe
  2⤵
  PID:8556
- C:\Windows\System\sKgmavf.exe
  C:\Windows\System\sKgmavf.exe
  2⤵
  PID:8572
- C:\Windows\System\TlMiBQa.exe
  C:\Windows\System\TlMiBQa.exe
  2⤵
  PID:8588
- C:\Windows\System\PcIpCxV.exe
  C:\Windows\System\PcIpCxV.exe
  2⤵
  PID:8608
- C:\Windows\System\cqvLSjh.exe
  C:\Windows\System\cqvLSjh.exe
  2⤵
  PID:8628
- C:\Windows\System\keaJToU.exe
  C:\Windows\System\keaJToU.exe
  2⤵
  PID:8644
- C:\Windows\System\VptEtVK.exe
  C:\Windows\System\VptEtVK.exe
  2⤵
  PID:8684
- C:\Windows\System\XYjIMkY.exe
  C:\Windows\System\XYjIMkY.exe
  2⤵
  PID:8700
- C:\Windows\System\RDMnVcQ.exe
  C:\Windows\System\RDMnVcQ.exe
  2⤵
  PID:8720
- C:\Windows\System\zHEzpGD.exe
  C:\Windows\System\zHEzpGD.exe
  2⤵
  PID:8736
- C:\Windows\System\HMhjjSB.exe
  C:\Windows\System\HMhjjSB.exe
  2⤵
  PID:8756
- C:\Windows\System\OadIPfb.exe
  C:\Windows\System\OadIPfb.exe
  2⤵
  PID:8772
- C:\Windows\System\fmxokKT.exe
  C:\Windows\System\fmxokKT.exe
  2⤵
  PID:8792
- C:\Windows\System\dIqltQs.exe
  C:\Windows\System\dIqltQs.exe
  2⤵
  PID:8820
- C:\Windows\System\RCRWofn.exe
  C:\Windows\System\RCRWofn.exe
  2⤵
  PID:8840
- C:\Windows\System\lSKwGZB.exe
  C:\Windows\System\lSKwGZB.exe
  2⤵
  PID:8860
- C:\Windows\System\WYspVsy.exe
  C:\Windows\System\WYspVsy.exe
  2⤵
  PID:8876
- C:\Windows\System\LFPqwoU.exe
  C:\Windows\System\LFPqwoU.exe
  2⤵
  PID:8912
- C:\Windows\System\XEOVZUv.exe
  C:\Windows\System\XEOVZUv.exe
  2⤵
  PID:8932
- C:\Windows\System\FQywGsf.exe
  C:\Windows\System\FQywGsf.exe
  2⤵
  PID:8948
- C:\Windows\System\wjXhTne.exe
  C:\Windows\System\wjXhTne.exe
  2⤵
  PID:8968
- C:\Windows\System\fmntTBK.exe
  C:\Windows\System\fmntTBK.exe
  2⤵
  PID:8984
- C:\Windows\System\yIMuZlU.exe
  C:\Windows\System\yIMuZlU.exe
  2⤵
  PID:9012
- C:\Windows\System\mjkuzNB.exe
  C:\Windows\System\mjkuzNB.exe
  2⤵
  PID:9028
- C:\Windows\System\uiqsGsC.exe
  C:\Windows\System\uiqsGsC.exe
  2⤵
  PID:9044
- C:\Windows\System\whjFQSF.exe
  C:\Windows\System\whjFQSF.exe
  2⤵
  PID:9064
- C:\Windows\System\eUPGChU.exe
  C:\Windows\System\eUPGChU.exe
  2⤵
  PID:9088
- C:\Windows\System\LAUtYWk.exe
  C:\Windows\System\LAUtYWk.exe
  2⤵
  PID:9108
- C:\Windows\System\OjHTCxW.exe
  C:\Windows\System\OjHTCxW.exe
  2⤵
  PID:9136
- C:\Windows\System\lgbTPrO.exe
  C:\Windows\System\lgbTPrO.exe
  2⤵
  PID:9152
- C:\Windows\System\dVIrtjG.exe
  C:\Windows\System\dVIrtjG.exe
  2⤵
  PID:9176
- C:\Windows\System\zBNhgqa.exe
  C:\Windows\System\zBNhgqa.exe
  2⤵
  PID:9192
- C:\Windows\System\QPiGVzi.exe
  C:\Windows\System\QPiGVzi.exe
  2⤵
  PID:9208
- C:\Windows\System\twurEow.exe
  C:\Windows\System\twurEow.exe
  2⤵
  PID:8204
- C:\Windows\System\NsfAjda.exe
  C:\Windows\System\NsfAjda.exe
  2⤵
  PID:8216
- C:\Windows\System\TCHVFQd.exe
  C:\Windows\System\TCHVFQd.exe
  2⤵
  PID:8268
- C:\Windows\System\irPfwVd.exe
  C:\Windows\System\irPfwVd.exe
  2⤵
  PID:8324
- C:\Windows\System\rAVfgqy.exe
  C:\Windows\System\rAVfgqy.exe
  2⤵
  PID:8300
- C:\Windows\System\aBxdoEv.exe
  C:\Windows\System\aBxdoEv.exe
  2⤵
  PID:8364
- C:\Windows\System\ycmuMwm.exe
  C:\Windows\System\ycmuMwm.exe
  2⤵
  PID:8432
- C:\Windows\System\lPxljWO.exe
  C:\Windows\System\lPxljWO.exe
  2⤵
  PID:8420
- C:\Windows\System\vpaoeaS.exe
  C:\Windows\System\vpaoeaS.exe
  2⤵
  PID:8468
- C:\Windows\System\GElrVbF.exe
  C:\Windows\System\GElrVbF.exe
  2⤵
  PID:8508
- C:\Windows\System\XEPAcdR.exe
  C:\Windows\System\XEPAcdR.exe
  2⤵
  PID:8564
- C:\Windows\System\YetQhtn.exe
  C:\Windows\System\YetQhtn.exe
  2⤵
  PID:8604
- C:\Windows\System\SgzgCUE.exe
  C:\Windows\System\SgzgCUE.exe
  2⤵
  PID:8580
- C:\Windows\System\KGOiEoD.exe
  C:\Windows\System\KGOiEoD.exe
  2⤵
  PID:8624
- C:\Windows\System\QZFePAQ.exe
  C:\Windows\System\QZFePAQ.exe
  2⤵
  PID:8660
- C:\Windows\System\SSGDIsj.exe
  C:\Windows\System\SSGDIsj.exe
  2⤵
  PID:8692
- C:\Windows\System\ujITEIq.exe
  C:\Windows\System\ujITEIq.exe
  2⤵
  PID:8716
- C:\Windows\System\gAkjqUo.exe
  C:\Windows\System\gAkjqUo.exe
  2⤵
  PID:8808
- C:\Windows\System\yONzkRI.exe
  C:\Windows\System\yONzkRI.exe
  2⤵
  PID:8812
- C:\Windows\System\rfgZlHg.exe
  C:\Windows\System\rfgZlHg.exe
  2⤵
  PID:8828
- C:\Windows\System\efNwMxg.exe
  C:\Windows\System\efNwMxg.exe
  2⤵
  PID:8872
- C:\Windows\System\ntBoskk.exe
  C:\Windows\System\ntBoskk.exe
  2⤵
  PID:8900
- C:\Windows\System\OZFfLFn.exe
  C:\Windows\System\OZFfLFn.exe
  2⤵
  PID:8940
- C:\Windows\System\wZPZpXx.exe
  C:\Windows\System\wZPZpXx.exe
  2⤵
  PID:8956
- C:\Windows\System\vSWRfGN.exe
  C:\Windows\System\vSWRfGN.exe
  2⤵
  PID:8964
- C:\Windows\System\CGebHsZ.exe
  C:\Windows\System\CGebHsZ.exe
  2⤵
  PID:9040
- C:\Windows\System\tHjBikM.exe
  C:\Windows\System\tHjBikM.exe
  2⤵
  PID:9096
- C:\Windows\System\nsXVOTo.exe
  C:\Windows\System\nsXVOTo.exe
  2⤵
  PID:9100
- C:\Windows\System\ZDOLKox.exe
  C:\Windows\System\ZDOLKox.exe
  2⤵
  PID:9132
- C:\Windows\System\QkcexoW.exe
  C:\Windows\System\QkcexoW.exe
  2⤵
  PID:8196
- C:\Windows\System\YZndeRJ.exe
  C:\Windows\System\YZndeRJ.exe
  2⤵
  PID:8244
- C:\Windows\System\CZKyiwu.exe
  C:\Windows\System\CZKyiwu.exe
  2⤵
  PID:8248
- C:\Windows\System\wqommPR.exe
  C:\Windows\System\wqommPR.exe
  2⤵
  PID:8308
- C:\Windows\System\PMGaIcX.exe
  C:\Windows\System\PMGaIcX.exe
  2⤵
  PID:8380
- C:\Windows\System\dypdvmb.exe
  C:\Windows\System\dypdvmb.exe
  2⤵
  PID:8440
- C:\Windows\System\IOMrsek.exe
  C:\Windows\System\IOMrsek.exe
  2⤵
  PID:8448
- C:\Windows\System\MyHOigq.exe
  C:\Windows\System\MyHOigq.exe
  2⤵
  PID:8524
- C:\Windows\System\bgQuvna.exe
  C:\Windows\System\bgQuvna.exe
  2⤵
  PID:8596
- C:\Windows\System\BAwEYXZ.exe
  C:\Windows\System\BAwEYXZ.exe
  2⤵
  PID:8728
- C:\Windows\System\scZymWx.exe
  C:\Windows\System\scZymWx.exe
  2⤵
  PID:8744
- C:\Windows\System\rKbQVAN.exe
  C:\Windows\System\rKbQVAN.exe
  2⤵
  PID:8768
- C:\Windows\System\oLtPjMn.exe
  C:\Windows\System\oLtPjMn.exe
  2⤵
  PID:8836
- C:\Windows\System\pYNIMSx.exe
  C:\Windows\System\pYNIMSx.exe
  2⤵
  PID:8908
- C:\Windows\System\wspmqWS.exe
  C:\Windows\System\wspmqWS.exe
  2⤵
  PID:8896
- C:\Windows\System\qEJvkIv.exe
  C:\Windows\System\qEJvkIv.exe
  2⤵
  PID:9004
- C:\Windows\System\ULnZSOo.exe
  C:\Windows\System\ULnZSOo.exe
  2⤵
  PID:9060
- C:\Windows\System\reGHJiW.exe
  C:\Windows\System\reGHJiW.exe
  2⤵
  PID:8904
- C:\Windows\System\iXHjCiy.exe
  C:\Windows\System\iXHjCiy.exe
  2⤵
  PID:9148
- C:\Windows\System\FPQBOIi.exe
  C:\Windows\System\FPQBOIi.exe
  2⤵
  PID:8504
- C:\Windows\System\cGXtgLX.exe
  C:\Windows\System\cGXtgLX.exe
  2⤵
  PID:8256
- C:\Windows\System\jlSbJfq.exe
  C:\Windows\System\jlSbJfq.exe
  2⤵
  PID:8320
- C:\Windows\System\jPoLWLc.exe
  C:\Windows\System\jPoLWLc.exe
  2⤵
  PID:8240
- C:\Windows\System\BydSPKM.exe
  C:\Windows\System\BydSPKM.exe
  2⤵
  PID:8536
- C:\Windows\System\uDmRfAS.exe
  C:\Windows\System\uDmRfAS.exe
  2⤵
  PID:8252
- C:\Windows\System\DZSmtqb.exe
  C:\Windows\System\DZSmtqb.exe
  2⤵
  PID:8656
- C:\Windows\System\eVWjKwN.exe
  C:\Windows\System\eVWjKwN.exe
  2⤵
  PID:8680
- C:\Windows\System\UcErDzM.exe
  C:\Windows\System\UcErDzM.exe
  2⤵
  PID:8884
- C:\Windows\System\SeovTPK.exe
  C:\Windows\System\SeovTPK.exe
  2⤵
  PID:8856
- C:\Windows\System\eWWnUCe.exe
  C:\Windows\System\eWWnUCe.exe
  2⤵
  PID:9020
- C:\Windows\System\kRWvAmU.exe
  C:\Windows\System\kRWvAmU.exe
  2⤵
  PID:9160
- C:\Windows\System\mRMqdsl.exe
  C:\Windows\System\mRMqdsl.exe
  2⤵
  PID:7504
- C:\Windows\System\WYWpsYO.exe
  C:\Windows\System\WYWpsYO.exe
  2⤵
  PID:8500
- C:\Windows\System\vKZPYlK.exe
  C:\Windows\System\vKZPYlK.exe
  2⤵
  PID:8764
- C:\Windows\System\XmXWcmy.exe
  C:\Windows\System\XmXWcmy.exe
  2⤵
  PID:8788
- C:\Windows\System\RGCsCsQ.exe
  C:\Windows\System\RGCsCsQ.exe
  2⤵
  PID:9056
- C:\Windows\System\ySDSkGq.exe
  C:\Windows\System\ySDSkGq.exe
  2⤵
  PID:9164
- C:\Windows\System\cFIlSPL.exe
  C:\Windows\System\cFIlSPL.exe
  2⤵
  PID:8356
- C:\Windows\System\aDaKaaU.exe
  C:\Windows\System\aDaKaaU.exe
  2⤵
  PID:8748
- C:\Windows\System\aSJokdJ.exe
  C:\Windows\System\aSJokdJ.exe
  2⤵
  PID:8804
- C:\Windows\System\QHlYcmC.exe
  C:\Windows\System\QHlYcmC.exe
  2⤵
  PID:9076
- C:\Windows\System\xqYGWhe.exe
  C:\Windows\System\xqYGWhe.exe
  2⤵
  PID:8396
- C:\Windows\System\opZcdGX.exe
  C:\Windows\System\opZcdGX.exe
  2⤵
  PID:9236
- C:\Windows\System\hdkwuhU.exe
  C:\Windows\System\hdkwuhU.exe
  2⤵
  PID:9252
- C:\Windows\System\fMKTdfA.exe
  C:\Windows\System\fMKTdfA.exe
  2⤵
  PID:9280
- C:\Windows\System\vpxmgUe.exe
  C:\Windows\System\vpxmgUe.exe
  2⤵
  PID:9296
- C:\Windows\System\WPxywVl.exe
  C:\Windows\System\WPxywVl.exe
  2⤵
  PID:9320
- C:\Windows\System\AUgnkQx.exe
  C:\Windows\System\AUgnkQx.exe
  2⤵
  PID:9336
- C:\Windows\System\zgbMhhE.exe
  C:\Windows\System\zgbMhhE.exe
  2⤵
  PID:9356
- C:\Windows\System\hWETiLl.exe
  C:\Windows\System\hWETiLl.exe
  2⤵
  PID:9372
- C:\Windows\System\nZObIfS.exe
  C:\Windows\System\nZObIfS.exe
  2⤵
  PID:9392
- C:\Windows\System\NnSHQXO.exe
  C:\Windows\System\NnSHQXO.exe
  2⤵
  PID:9416
- C:\Windows\System\XxodnkT.exe
  C:\Windows\System\XxodnkT.exe
  2⤵
  PID:9452
- C:\Windows\System\UUBBpWA.exe
  C:\Windows\System\UUBBpWA.exe
  2⤵
  PID:9480
- C:\Windows\System\RcwXjRq.exe
  C:\Windows\System\RcwXjRq.exe
  2⤵
  PID:9500
- C:\Windows\System\IUKtFgf.exe
  C:\Windows\System\IUKtFgf.exe
  2⤵
  PID:9528
- C:\Windows\System\HaogfqE.exe
  C:\Windows\System\HaogfqE.exe
  2⤵
  PID:9544
- C:\Windows\System\QCsPvZq.exe
  C:\Windows\System\QCsPvZq.exe
  2⤵
  PID:9572
- C:\Windows\System\chjXGiF.exe
  C:\Windows\System\chjXGiF.exe
  2⤵
  PID:9588
- C:\Windows\System\KJySmRF.exe
  C:\Windows\System\KJySmRF.exe
  2⤵
  PID:9620
- C:\Windows\System\ZqIwtsn.exe
  C:\Windows\System\ZqIwtsn.exe
  2⤵
  PID:9636
- C:\Windows\System\atGdsUR.exe
  C:\Windows\System\atGdsUR.exe
  2⤵
  PID:9656
- C:\Windows\System\OlcphnI.exe
  C:\Windows\System\OlcphnI.exe
  2⤵
  PID:9688
- C:\Windows\System\DURArln.exe
  C:\Windows\System\DURArln.exe
  2⤵
  PID:9708
- C:\Windows\System\wTWjgPW.exe
  C:\Windows\System\wTWjgPW.exe
  2⤵
  PID:9732
- C:\Windows\System\nTbyWVK.exe
  C:\Windows\System\nTbyWVK.exe
  2⤵
  PID:9768
- C:\Windows\System\vPZDwkx.exe
  C:\Windows\System\vPZDwkx.exe
  2⤵
  PID:9788
- C:\Windows\System\UnBMyjz.exe
  C:\Windows\System\UnBMyjz.exe
  2⤵
  PID:9804
- C:\Windows\System\dqYiwRz.exe
  C:\Windows\System\dqYiwRz.exe
  2⤵
  PID:9828
- C:\Windows\System\xTmtFfq.exe
  C:\Windows\System\xTmtFfq.exe
  2⤵
  PID:9848
- C:\Windows\System\WOyZJsL.exe
  C:\Windows\System\WOyZJsL.exe
  2⤵
  PID:9864
- C:\Windows\System\GkMmTVf.exe
  C:\Windows\System\GkMmTVf.exe
  2⤵
  PID:9884
- C:\Windows\System\uksZMka.exe
  C:\Windows\System\uksZMka.exe
  2⤵
  PID:9904
- C:\Windows\System\YwrujgL.exe
  C:\Windows\System\YwrujgL.exe
  2⤵
  PID:9928
- C:\Windows\System\GouVMhg.exe
  C:\Windows\System\GouVMhg.exe
  2⤵
  PID:9948
- C:\Windows\System\ftQkVok.exe
  C:\Windows\System\ftQkVok.exe
  2⤵
  PID:9968
- C:\Windows\System\wUOugKz.exe
  C:\Windows\System\wUOugKz.exe
  2⤵
  PID:9988
- C:\Windows\System\ncgnflF.exe
  C:\Windows\System\ncgnflF.exe
  2⤵
  PID:10012
- C:\Windows\System\mLzZzJW.exe
  C:\Windows\System\mLzZzJW.exe
  2⤵
  PID:10028
- C:\Windows\System\KvQcFgH.exe
  C:\Windows\System\KvQcFgH.exe
  2⤵
  PID:10048
- C:\Windows\System\kqnRUsB.exe
  C:\Windows\System\kqnRUsB.exe
  2⤵
  PID:10064
- C:\Windows\System\GLwYkqI.exe
  C:\Windows\System\GLwYkqI.exe
  2⤵
  PID:10084
- C:\Windows\System\kgNxQJc.exe
  C:\Windows\System\kgNxQJc.exe
  2⤵
  PID:10100
- C:\Windows\System\RvbuIuE.exe
  C:\Windows\System\RvbuIuE.exe
  2⤵
  PID:10124
- C:\Windows\System\YrFBkYW.exe
  C:\Windows\System\YrFBkYW.exe
  2⤵
  PID:10144
- C:\Windows\System\Fsmaiqz.exe
  C:\Windows\System\Fsmaiqz.exe
  2⤵
  PID:10160
- C:\Windows\System\XxTcQWq.exe
  C:\Windows\System\XxTcQWq.exe
  2⤵
  PID:10176
- C:\Windows\System\GAyTZgM.exe
  C:\Windows\System\GAyTZgM.exe
  2⤵
  PID:10208
- C:\Windows\System\qPyWAqJ.exe
  C:\Windows\System\qPyWAqJ.exe
  2⤵
  PID:10232
- C:\Windows\System\KcXfSCo.exe
  C:\Windows\System\KcXfSCo.exe
  2⤵
  PID:9204
- C:\Windows\System\BCihgZp.exe
  C:\Windows\System\BCihgZp.exe
  2⤵
  PID:8892
- C:\Windows\System\dXcGNQA.exe
  C:\Windows\System\dXcGNQA.exe
  2⤵
  PID:9228
- C:\Windows\System\daajJeF.exe
  C:\Windows\System\daajJeF.exe
  2⤵
  PID:9264
- C:\Windows\System\EbUIxKT.exe
  C:\Windows\System\EbUIxKT.exe
  2⤵
  PID:9328
- C:\Windows\System\cxInptt.exe
  C:\Windows\System\cxInptt.exe
  2⤵
  PID:9312
- C:\Windows\System\RhdtYRe.exe
  C:\Windows\System\RhdtYRe.exe
  2⤵
  PID:9408
- C:\Windows\System\cAPUmoq.exe
  C:\Windows\System\cAPUmoq.exe
  2⤵
  PID:9384
- C:\Windows\System\soUKXyb.exe
  C:\Windows\System\soUKXyb.exe
  2⤵
  PID:9440
- C:\Windows\System\WggWRrR.exe
  C:\Windows\System\WggWRrR.exe
  2⤵
  PID:9508
- C:\Windows\System\yeFWHzM.exe
  C:\Windows\System\yeFWHzM.exe
  2⤵
  PID:9008
- C:\Windows\System\mwDcDHV.exe
  C:\Windows\System\mwDcDHV.exe
  2⤵
  PID:9568
- C:\Windows\System\oYBQAvk.exe
  C:\Windows\System\oYBQAvk.exe
  2⤵
  PID:9604
- C:\Windows\System\WEsPWkn.exe
  C:\Windows\System\WEsPWkn.exe
  2⤵
  PID:9524
- C:\Windows\System\oOyjldz.exe
  C:\Windows\System\oOyjldz.exe
  2⤵
  PID:9664
- C:\Windows\System\opOIbqw.exe
  C:\Windows\System\opOIbqw.exe
  2⤵
  PID:9472
- C:\Windows\System\sRcdjix.exe
  C:\Windows\System\sRcdjix.exe
  2⤵
  PID:9432
- C:\Windows\System\xiOHcnQ.exe
  C:\Windows\System\xiOHcnQ.exe
  2⤵
  PID:9388
- C:\Windows\System\FVZGFXT.exe
  C:\Windows\System\FVZGFXT.exe
  2⤵
  PID:9784
- C:\Windows\System\jWmWzUw.exe
  C:\Windows\System\jWmWzUw.exe
  2⤵
  PID:9824
- C:\Windows\System\jhLDJfN.exe
  C:\Windows\System\jhLDJfN.exe
  2⤵
  PID:9872
- C:\Windows\System\EpZPbvj.exe
  C:\Windows\System\EpZPbvj.exe
  2⤵
  PID:9896
- C:\Windows\System\yihmbos.exe
  C:\Windows\System\yihmbos.exe
  2⤵
  PID:9924
- C:\Windows\System\iXaciQh.exe
  C:\Windows\System\iXaciQh.exe
  2⤵
  PID:9944
- C:\Windows\System\CfpjTcb.exe
  C:\Windows\System\CfpjTcb.exe
  2⤵
  PID:9980
- C:\Windows\System\fiHroqD.exe
  C:\Windows\System\fiHroqD.exe
  2⤵
  PID:10000
- C:\Windows\System\ZBmBfsi.exe
  C:\Windows\System\ZBmBfsi.exe
  2⤵
  PID:10044
- C:\Windows\System\IdwKmUY.exe
  C:\Windows\System\IdwKmUY.exe
  2⤵
  PID:10024
- C:\Windows\System\pYVwOEL.exe
  C:\Windows\System\pYVwOEL.exe
  2⤵
  PID:10112
- C:\Windows\System\DqmCFVc.exe
  C:\Windows\System\DqmCFVc.exe
  2⤵
  PID:10096
- C:\Windows\System\hMkmTkV.exe
  C:\Windows\System\hMkmTkV.exe
  2⤵
  PID:10172
- C:\Windows\System\AsFCSXl.exe
  C:\Windows\System\AsFCSXl.exe
  2⤵
  PID:10204
- C:\Windows\System\nLatRsx.exe
  C:\Windows\System\nLatRsx.exe
  2⤵
  PID:8360
- C:\Windows\System\qkPxsRu.exe
  C:\Windows\System\qkPxsRu.exe
  2⤵
  PID:9248
- C:\Windows\System\RIlIzbJ.exe
  C:\Windows\System\RIlIzbJ.exe
  2⤵
  PID:9292
- C:\Windows\System\wMGUcBY.exe
  C:\Windows\System\wMGUcBY.exe
  2⤵
  PID:9288
- C:\Windows\System\hBeQPgA.exe
  C:\Windows\System\hBeQPgA.exe
  2⤵
  PID:9404
- C:\Windows\System\WnCGHic.exe
  C:\Windows\System\WnCGHic.exe
  2⤵
  PID:9352
- C:\Windows\System\svEFEna.exe
  C:\Windows\System\svEFEna.exe
  2⤵
  PID:9492
- C:\Windows\System\kzelJMS.exe
  C:\Windows\System\kzelJMS.exe
  2⤵
  PID:9520
- C:\Windows\System\flQMQIG.exe
  C:\Windows\System\flQMQIG.exe
  2⤵
  PID:9556
- C:\Windows\System\jxXZTFv.exe
  C:\Windows\System\jxXZTFv.exe
  2⤵
  PID:9644
- C:\Windows\System\WlNzpFQ.exe
  C:\Windows\System\WlNzpFQ.exe
  2⤵
  PID:9728
- C:\Windows\System\rLWxpHt.exe
  C:\Windows\System\rLWxpHt.exe
  2⤵
  PID:9720
- C:\Windows\System\lfDAzWE.exe
  C:\Windows\System\lfDAzWE.exe
  2⤵
  PID:9796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AApzLYZ.exe

Filesize
6.0MB

MD5
9a5922047fcc2ba496d3f27ec32786a6

SHA1
bf29cd21279ce17776d8787db9d3ad1d164b0c48

SHA256
c5b5a40dd9a9c6a8438ede3eee14f2dc667cc57e5ecf64602d0119d4c4c998ee

SHA512
260d343faf0110b5cd2b5cfce9013e64c59e9340f1ebb935d3621171166dcf49cb97d5020d3819c45d938199f8124694e0ed3a68e94cd6a98b0c0e74a262a512

Download Submit
C:\Windows\system\BaARaow.exe

Filesize
6.0MB

MD5
f19bedab87efc5dc49e14e249f21cc8c

SHA1
8e44c754719d88a3850d483f715dc6936d840752

SHA256
407c19ee9d141fb689966ed2e6540ac2dac7830e570e301ac4c2e24d19f69c9d

SHA512
d4f0354a2ae96a5d5d592ad0ac07bf06f44548ea804e741824c1fc365ca9038c1a7b564dabec875376732d5c5c6021e844eb6d9bbafb362c82f283d6fc964ff8

Download Submit
C:\Windows\system\KKcrBHS.exe

Filesize
6.0MB

MD5
37180c7220939a291d8cb8f2aca53156

SHA1
d0c5c87711f596c806a850dba636fb99bf9984e6

SHA256
784dc194fa2bf0d1e030d84d53cffbe72df7ada8ca72309086f74e3730dc1507

SHA512
99d7ed6df501f23376b4c070db64242cf8dce1dcbfd02e11c36b9385bf7f63ee109cdd6f868a6b7e036fea9804ced802b7e2db2a7319d815fbd0890081ff57a4

Download Submit
C:\Windows\system\MfGfkci.exe

Filesize
6.0MB

MD5
6ae445160a0d499db2386e5514e3e615

SHA1
975eddf7078b7796610e4a27add5e5721fa31ba0

SHA256
7b09771bfccec737988ef09a5e366736d38dbeb2153dccf60abaa7802da9eae5

SHA512
36b7bde4423026beac85e7f126f9f39b6b6bbb9f94e8a46f0bcc69235459561eea9fedaf964bdfaeef17e5bdde944348c89d655cf29dac9eb4729208d88dfb7c

Download Submit
C:\Windows\system\MkodRWR.exe

Filesize
6.0MB

MD5
d5c22c4193e80f00b29cd7f9c72d3896

SHA1
11bfd94c7b4c3be7046ab31377f4d3dd1e266c53

SHA256
4acc85df1d6026c1811c9b190d9f50495da8931810be56e7ac668486de2960da

SHA512
9a120cb4baab70a0d9fdb0b69f780c2cbe25781b8dbdb487cc3caa2154f55b0d6c03c6790f2704f951be194be6f4b38dd980a3c37f59a3d4a077a57d893a85cc

Download Submit
C:\Windows\system\QkyvhbS.exe

Filesize
6.0MB

MD5
98f53d9c91495edf2b34a92cfde2780c

SHA1
cd8ab90666cfedd501b37ea1344d29fca860e35b

SHA256
bb01da81ea7ff882edbf47222f2f111a7700ca45503b5111c9ec9118666b8bcc

SHA512
903db1573f1cc4d68f1b6e886f6036605c44951cf72e8d21b7447175d1d60d6781d090c7119ddde346563f9eb486df7c79ebdbfdadb4137ec1a513aca7fee6cd

Download Submit
C:\Windows\system\QyctxAv.exe

Filesize
6.0MB

MD5
e70a8945ffe65721d2052e5fe45a25cf

SHA1
124534caafcf1c8f693e4c28410ac8d4d1dfa7af

SHA256
3cea21b2263477bd58801c8a2ce1dc3203446b3eb10a3e3feb8b3822fbf2ce5b

SHA512
cb56f49076bdcb173ac0911ebfc131d249c7d9292d2b0bf2ecf13bd08678f85b267abd79f62d6a438f885d418502ef03117060f6a24e32cd7299b24384781816

Download Submit
C:\Windows\system\RBLIwqd.exe

Filesize
6.0MB

MD5
a3ef76d3a0f7f12835b21547aa3f4bf9

SHA1
8e77da2b05dcf3372d54c5aada8c179cbfd01e49

SHA256
a854765a000d6e8820a235d7d7ec5806c89123df6410c87fc80375e634886656

SHA512
b99f2dc4ec68f140cd104ad9f128b64f3e11730bb2eb744ed2440ba6c615d1f749e3d076dfeef907a2707af345a37d03fbe8cf7ac39e9aa9668ac4bf9abbab44

Download Submit
C:\Windows\system\TcclrJK.exe

Filesize
8B

MD5
ff1f511cfcb6148bc629469522ce8a80

SHA1
afefdfb9bdd18c2594f20858df9aa8f38fbb0dc6

SHA256
ee8aa84b08aeb03d2b066e5bc4992f721b16ff1d1143d91aae43e53f3934c783

SHA512
202c5871f9e3eab8e0ab408b6574d3f5ee31c2ffdcbc7527618ccc2cccc3b74fba4e7e81ac7613f3bb0c9fb12c97a0ed82992251c3f62ed4004a7296549f260b

Download Submit
C:\Windows\system\UnWaBGP.exe

Filesize
6.0MB

MD5
14bc5a368c71678201f4a6f81d3e97d8

SHA1
30800a5851aeadecf35d8f59e8366c6bc11f3db3

SHA256
44dc9a5012a70f0c9158e123cd7f50f2ad5e087a6805ea2dc77c688ac8f0bbde

SHA512
2524b2a6056e3b35505fc41acb7ee95ca6da7df7609b18e1dbb15ff21264c378d83bfa6bf7b1fe8387bde034cf13a6adbc39e63324564c4aa05ec01732221233

Download Submit
C:\Windows\system\Uqnhpyz.exe

Filesize
6.0MB

MD5
c0357cab1bb86f79848dfac64b986369

SHA1
7f361b98d03debadf220484499971c70236fd02c

SHA256
2d5d02ea8bad7d412c57141b1169becdfacf0fe0852d8525c8df390d598cae3c

SHA512
0ce7ef98436ca740b8a000f1f87b5bd37876f822c581e872d76050ececb61454c5c4acd31cd747c5212fd3986a28ffb511e71394efdc9148a17ee8b1b5f93433

Download Submit
C:\Windows\system\WTDMbwm.exe

Filesize
6.0MB

MD5
a1687ea78a92d66f1961536b009d418c

SHA1
c452506e2e0b1ff316869869c16b7dd1447e175f

SHA256
18c1a0902cf7d3263d9dbedacba13a750ecd61c7689f7027af92d9390fda90dc

SHA512
98a50ec7ca0e3555136f0427b0e07dbbb2d7d882f66b0716db7504af3c7572276acd11beed07a9f1f3c79f773c0ce8093fd071495dfa1901c34617619fb07fc5

Download Submit
C:\Windows\system\YEWBtgO.exe

Filesize
6.0MB

MD5
430734af1c73b5371ee519ccd5f52281

SHA1
fc582f12478da735c38e12684b191f2999650454

SHA256
7ec060e994c3459fc9d06b42f464b09d70e5236fda4afcfb478ecd116b454e69

SHA512
72e7125ab0bd007dd62ad21326f2e41907709021f1cc91912bea5ac4a0ac0788ca20207664e1ec77ea1661b9723aa73c207fc4939ec9157144c7eb945c08b1c8

Download Submit
C:\Windows\system\YNMvZyS.exe

Filesize
6.0MB

MD5
aa2f288e958c1eeb0cf1725514151657

SHA1
72adfadf9b719c10ccce00cfdeb397d1adb76bb0

SHA256
c0b143f204fe6f75304f536b63d98a124ec955f9d8d7318d063bdd3ee2647754

SHA512
e25cda7d4c8838419dd0981e8cde1d14e8de405928e0660dc294aa512e34a719e51b51d11b68bcf2d3865478c91fd785fd84700c92a163a0f965130ad94b9fc7

Download Submit
C:\Windows\system\aNPEDQA.exe

Filesize
6.0MB

MD5
7d51712f9ed4b6c67e454d16eab718aa

SHA1
8d18480fca0c96204f23bcf2dd4df63430191083

SHA256
cd9eb03c9038a44b4858b913d486382c2019571209d30048e6bc346ec24c4462

SHA512
27176802bd8713feabead59619d6154158db0092c567dc2f83d645cc69dcf34b80f2594b7d8fd4284a3fe2dd5da763c6bcc6d3fd399fae246f4343c317457305

Download Submit
C:\Windows\system\bjmStcJ.exe

Filesize
6.0MB

MD5
26f3f271af99b507c26fcda133e8ddf2

SHA1
534ab23fe4da1cb1d636b7428ec67e6922ce4675

SHA256
0c7f1ab6fe8ed59a53ded29aedfff1555153b7d4ebf6b1280dc346e0026068f7

SHA512
0d5d2d37621285f393fcf3f5f54017857cc9e17c075410d772718d4ee9e939c0df54da62a7e0f37333a85f0355b99ed293bb026f2cdbe8d633de22e5752fc9d7

Download Submit
C:\Windows\system\bocMJwb.exe

Filesize
6.0MB

MD5
8b17434049f5d122ec90023b20e22f11

SHA1
56c01283408957ff1cf3665ea16166aaa526b7cc

SHA256
10fe50ab6bec5585d4c6e017335552830fe2e0bcf934df53222decbfe36c7983

SHA512
30d27006cbd0e5ec033616227afea39662545b719c7cc7e5e561321dc6abae400054f2c1fe5317939a1a2e5e5444ea9352c2c5a671cfaba5f59f2e14ac46c71a

Download Submit
C:\Windows\system\duClMnR.exe

Filesize
6.0MB

MD5
a7ff9f3c61498a66cab5a0a5ae44c2e2

SHA1
5721773bc86f527c4bf243b53bc0a15a383806f5

SHA256
64c4d53a9fa44716932d7df91cd7a895492e2a587074ffeb125f82d52e147030

SHA512
40070b24963b64bcd5d6d6e3e6eb2ff48a0827eba420807502870d37a0a756455279ae81d98d05ce1cc14829f9dca29e9d21ad46cd504b2fd852dbd2e864d859

Download Submit
C:\Windows\system\gQKOrWE.exe

Filesize
6.0MB

MD5
e7586c9bc7c53ef0266a4daf6a0d9be7

SHA1
43aec3067a475a55001950b9e4c119b0e39ce0de

SHA256
2c0d0bce168372feb94e3b8149b36d9d9d4ae8b3629d28b74f7497fc0edb85e4

SHA512
d39565808a238843e4c8af62fb610c5f3a7d4646677d204bcd411f2cb182050a7f87b113d10ac9ce2b7ec512963f68b1f3f40d9cf91a9018ec42631ba966f38b

Download Submit
C:\Windows\system\hIjmdPF.exe

Filesize
6.0MB

MD5
f974710ddd02e87ce072c4b32e385bc0

SHA1
cd00e2bbf30e5b9c070f9ba381acc49a47781921

SHA256
2b2a6903dd2bfd6a16fc07025656c52ed1054d01839b6ef1170471542f9e3c5c

SHA512
5b2d70864080d37b7a79f712eb2647ef4b86528ebb49183265cb8ea83f60fc221b7961ce96ba098fe4a284ec4ccad3eb1a98171ce68a4041984bba060a27f0cc

Download Submit
C:\Windows\system\otxANyY.exe

Filesize
6.0MB

MD5
cf22dfb74621938dd64cad34ccff36bd

SHA1
78aff92b66b0014f25f35d44aea50cd541f78d36

SHA256
5af53e39ef6708db0e8d741ebafdd68d0d7451f8c6f59d78f00586f5138a82b6

SHA512
4b033303ef4a281072cd80e85a7459649b5b8d593957ed28ae9cd3af93dae27a6ced8a48d698f945ad2ef4aa486aff9508123caf3bb3525a3078ac1eb12b6749

Download Submit
C:\Windows\system\pZNebGP.exe

Filesize
6.0MB

MD5
25cd03e58a78af82416cd6c7e903db5a

SHA1
55c8cbbb4404922c5003922e7937f3b94a591230

SHA256
e678f9dd293d5db236e216d7b68f94940542adc1c579a7e3af48d5f431b0d50b

SHA512
d881c775c94f9102e5461dd920b4d01ce178b9d47fdf9e1cb05138d795d2f250aaba020cd7dad32cb905153d413ef225511169b4b182e24a01376510e9fec5ad

Download Submit
C:\Windows\system\splhpzp.exe

Filesize
6.0MB

MD5
06febd6d65421c7d58f098f951d75742

SHA1
5c3fa3a1840d0adaefd7d078c025feeb4a1fb7a5

SHA256
8619afe016d7c6de8d85a26fb517d48f0f3481573827230235a4e191165ab3aa

SHA512
1d195094d06efe34c76e378018bb23d78d3b2203d2165b6a452f72e4c488edbb9df06adf22acf28cc56f53c47b660780653543839a34d30b614a4b23463ef5e9

Download Submit
C:\Windows\system\suqMfzG.exe

Filesize
6.0MB

MD5
4fa70554eeb8977fc1186bc3b33936e7

SHA1
aa317b53e5a15c881f7ee29cc0ee54211b496af8

SHA256
70be951367c5c2b10ba1d31bf8b6f7dca788226a83f52b263ba20e20c6db222d

SHA512
9b1c1be7bf814479f4e350c9b7442a4176f187a3fa307962f1e8b044fbba2081bd3319a2a65b4cb89436874c6cfa77d5949ba91a20197d54635fc71eb7a57eed

Download Submit
C:\Windows\system\uiHJaUZ.exe

Filesize
6.0MB

MD5
6bfba8e5677022a657c0e7cfa0e9fca6

SHA1
20e55ed8166fca0b226443c0b37a961233096f0b

SHA256
98bbf9802e0669a41ad938814c54603273e7fcea897d5b0d6219b86a6290b451

SHA512
16c6090b66bb1fab236115339ee3103bf65c17540e8e07f14dae00b86c08b4beae2e03341bb349e1ec0c68dc7a4846808ab377366e8bdcd1fef097086e64c1cf

Download Submit
C:\Windows\system\whzqzCO.exe

Filesize
6.0MB

MD5
535bddcd81aa23f776bed701cb0acdd1

SHA1
7484cb36f59fe710ac96e4bbd92a560533c9933b

SHA256
974df6d68a8b686b5e31b0c003217980c56b77cb5cced0e9e3a063ece4faa672

SHA512
6e1c87d7a42b53b8a85c16f92c57a8906b0d278a903cf21ccea07f90a54e8c8c1f9033db1b940ec7b5c90af10cfddafae0cfeb0b799509445e43071c5a569daa

Download Submit
C:\Windows\system\xEQdqbW.exe

Filesize
6.0MB

MD5
79fdcca4607292cceed8d5d70aec5d0a

SHA1
d53ddb3cb820fd9cf814698adbf0dca7e7ec4dd9

SHA256
d1cba23e329c00592aa4dbb74a852b49150602958f1f75ad8798ff45f64f5787

SHA512
4b5533f25e38b0de36a45104058cbae0ddb225123b79b4e6c39f4732ca8c9f63a5826efec220aa2ecea196344301e715d5f6f6e598a5d4ab707a57489fba2eda

Download Submit
C:\Windows\system\zkhCSQW.exe

Filesize
6.0MB

MD5
3622d56955f0530ae3d457b2f25af1a0

SHA1
43d49fb07340da39f0f978c68927c453ddb9e85c

SHA256
0f109474bbdaccc95bd0aed59c31d8ba4668ae2eaa456819797aa3875dcc8205

SHA512
a26252e6690d4e426d3b40ff45f95a7a08a27a974e3bba74622dbd14a5b44faf23ce9f148ad10037538de9ef59c3646b0a9da96478278a655c678b2d29769ff5

Download Submit
\Windows\system\BLUPvXR.exe

Filesize
6.0MB

MD5
c70409b63d6a2fd27a9e731f5548ce9c

SHA1
650e0fc9da14bd5721784741aa66e29630b08308

SHA256
00e5d0207761283986d5ca55a07700f910eec749c643f2510e7d77b474b68a5f

SHA512
3fff738698a7fbc6e658688cd749ee02edb6708016417bf7be98bd181a57bd7a9741c1a691ea724f91bf0c5bc14e6c454e9739affc05b92999300841ea9b2ace

Download Submit
\Windows\system\RkVwxfU.exe

Filesize
6.0MB

MD5
4b3ffc548ebe50b220f4935e88308e73

SHA1
5c9cfd6286da9a1f6a0a71cbe312366fab162eab

SHA256
c24e74af3e21791838a639319f9c67872a39783f8e3c99e275710d1c209d0cec

SHA512
ea804e3534bc57f45d3cbf2b715f3159b8a3b0731690f1451bc7d35a322b0217b53ed07f858cab2a1958ed5be230b64e189bbf86f7aab179f184e2014d2e0cab

Download Submit
\Windows\system\cSXUJID.exe

Filesize
6.0MB

MD5
f66f7d43c53b5d803cb459b422050808

SHA1
ecf2bab5b45dd6024ccc119eb32f8a9c7f579797

SHA256
75f02dcd186f421038a62ffb7086ef4dfd4a803f9f72bbbb5c74481e401c7307

SHA512
d2e443193be9533c34c12768b134001a518facf0bdf305b1f80fdd9f7dc4ec6d72fa770a4f6f755bfe04168c31901264cd1e900e0460fbe333bd5e3107deb119

Download Submit
\Windows\system\jRpevEE.exe

Filesize
6.0MB

MD5
f0153e688b8b02dd42a88825f8f1c4da

SHA1
b92384b9fa391bfb62dbb2698752e7c90ab1a980

SHA256
5c417b16f837e6dc6f2cc8e3eb38d628ea25332bf7f88f605a9cfa48730bb8de

SHA512
814a91ec0c0aa576039148f200eff3a7efd265a8bd720e7aae348fb8fc4bbb3a4f8c8c83e66807cfa300e35e0d1c5c85226f33bc34a80de57af7c242a727a030

Download Submit
\Windows\system\psPWDsn.exe

Filesize
6.0MB

MD5
911fb69ec9928b75e90a220dbd779263

SHA1
f5bc4637ea33020be4bdfd799cac6e62201165f5

SHA256
4f6ad26975399d49adf1fb8f7e8e4601e6c45238e9bb526d88497276536de3a4

SHA512
891b8bb3f2d6abb6798b1fa3c1ab4a84b3272d7ceb73428a8b3fcae29e3bffb3174686fc48d41d44b38b3894d5b372ca614e5fce3c0c114ac9f0dac0dbee2213

Download Submit
memory/268-443-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/268-2980-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/268-86-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/856-102-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/856-709-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/856-2985-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-71-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-2970-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-182-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-595-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2981-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-51-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-15-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2100-639-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-97-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-0-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2100-91-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-59-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-23-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2100-108-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2100-528-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-774-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-107-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-90-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-368-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2100-28-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-98-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-82-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-67-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2100-37-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2292-78-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2292-303-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2978-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2396-11-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-40-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2931-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2924-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2464-14-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2524-55-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2942-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-20-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-101-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-63-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2974-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-62-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2935-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2860-26-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2880-56-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2880-94-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2960-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2938-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-34-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-70-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-43-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2945-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2984-77-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2961-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2988-85-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2988-48-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download